Cybersecurity Risk and Compliance Analyst

Please Note:

This is 100% On-Site position.

Selected candidate must be willing to work on-site in Woodlawn, MD 5 days a week.

Position Description:

The Subject Matter Expert (SME) will provide technical guidance for assessing the management, operational, assurance, and technical security controls implemented on an information system via security testing and evaluation methods.

The SME will provide guidance on improvement of policies and procedures to support the federal client's business processes for security assessment of Organizations.

Provide technical advisory functions to staff.

Provide administrative support for pre- and post-assessment activities.

Provide continued modernization support for the Technical System Security Requirements (TSSR) and Security Evaluation Questionnaire (SEQ),

Determine security controls effectiveness to ensure controls are implemented correctly, operating as intended and meeting requirements.

Provide Cloud technical assistance/data privacy technical assistance.

Provide technical assistance with ensuring suite of controls are implemented and operating as intended.

Key Required Skills:

Strong business documentation and technical writing skills;

Must know NIST 800-53 revision 5;

How to assess cybersecurity control based on NIST 800-53a R5;

Strong experience working in Excel

Requirements

Basic Qualifications:

Bachelor's Degree and 3 years of relevant experience, or master's degree and 1 year of relevant experience, or 7+years of relevant experience in lieu of a degree.

2+ years of security control assessment experience

Strong business documentation and technical writing skills.

Must have strong experience working in Excel

Must be able to obtain and maintain a Public Trust. Contract requirement.

Required Skills:

Must possess a relevant cybersecurity certification (e.g., Security+, CISSP, CISM, or CAP)

Experience with interpreting and applying federal laws, OMB directives, and client-specific policies to security and compliance efforts.

Experience with interpreting and assessing security controls using NIST SP 800-53A Rev. 4, NIST SP 800-53 Rev. 5, NIST SP 800-37 Rev. 1, NIST SP 800-30 Rev. 1, NIST SP 800-39, and FIPS publications.

Desired Skills:

Experience supporting Risk Management Framework (RMF) activities in accordance with NIST guidelines.

Experience coordinating with the federal agency and partner agencies, understanding and leveraging existing agreements.

Experience producing and maintaining business and technical documentation related to the Risk Management Framework.