Cyber Risk Management Analyst

• Conduct thorough risk assessments for Government-developed, procured, and potentially acquired applications and/or services. This includes evaluating system interconnections, waivers, Plan of Action and Milestones (POA&Ms), and other relevant factors.
• Ensure compliance with relevant regulations, standards, and policies by conducting assessments and authorizations.
• Develop risk assessment reports that can be presented to senior executives, highlighting features, functionality, interoperability, and other critical aspects.
• Identify and recommend appropriate security measures to mitigate identified risks. Collaborate with offices such as Cloud Application Security, Data Governance, and others to incorporate their findings into the risk assessment package.
• Perform data security risk assessments in support of the “Request for New Solution” process.
• Evaluate critical controls, both FEDRAMP and non-FEDRAMP, as well as features and functionality to develop data security risk assessments.
• Collaborate with relevant stakeholders to ensure the implementation of effective controls and recommend enhancements or improvements as necessary.
• Support continuous monitoring (CONMON) for non-FedRAMP applications.
• Manage and maintain 3rd party risk monitoring tool. Set up accounts, alerts, add new applications, compile security reports, etc.
• Manage and maintain an internal risk assessment tracking system; add new applications needed.

• Bachelor’s degree in Computer Science, Cybersecurity, Computer Engineering or Information Technology or related degree.
• Active DoD TS/SCI Clearance or TS with SCI eligibility
• 4+ years of experience including proven experience in a similar role supporting the Federal Government.
• Prior experience conducting security risk assessments for IT systems, applications, or services within a Government environment
• Solid knowledge of cybersecurity frameworks, standards, and best practices such as NIST, FISMA, FedRAMP, etc.
• Strong problem-solving abilities and attention to detail.
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.

• None

• Minimum TS/SCI

• DoD 8570 IAT II Certification or higher (e.g., Security+, CCNA Security, CySA+, GICSP, GSEC, CND, SSCP) https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications

• Full-time hybrid on-site 3 days/week

• Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.