Cyber Risk Management Analyst

at  Criterion Systems Inc

Overview:
At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: www.criterion-sys.com. Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply.
Responsibilities:
We are seeking a mission-focused Cyber Risk Management Analyst/Information Assurance Analyst to perform cybersecurity risk assessment support for for a high visibility customer. The primary focus will be on identifying and evaluating potential data security risks and vulnerabilities within their systems and developing effective mitigation strategies.

REQUIRED EXPERIENCE, EDUCATION, SKILLS & TECHNOLOGIES

• Bachelor’s degree in Computer Science, Cybersecurity, Computer Engineering or Information Technology or related degree.
• Active DoD TS/SCI Clearance or TS with SCI eligibility
• 4+ years of experience including proven experience in a similar role supporting the Federal Government.
• Prior experience conducting security risk assessments for IT systems, applications, or services within a Government environment
• Solid knowledge of cybersecurity frameworks, standards, and best practices such as NIST, FISMA, FedRAMP, etc.
• Strong problem-solving abilities and attention to detail.
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.

PREFERRED EXPERIENCE, EDUCATION, SKILLS & TECHNOLOGIES

• None

DUTIES, TASKS & RESPONSIBILITIES

• Conduct thorough risk assessments for Government-developed, procured, and potentially acquired applications and/or services. This includes evaluating system interconnections, waivers, Plan of Action and Milestones (POA&Ms), and other relevant factors.
• Ensure compliance with relevant regulations, standards, and policies by conducting assessments and authorizations.
• Develop risk assessment reports that can be presented to senior executives, highlighting features, functionality, interoperability, and other critical aspects.
• Identify and recommend appropriate security measures to mitigate identified risks. Collaborate with offices such as Cloud Application Security, Data Governance, and others to incorporate their findings into the risk assessment package.
• Perform data security risk assessments in support of the “Request for New Solution” process.
• Evaluate critical controls, both FEDRAMP and non-FEDRAMP, as well as features and functionality to develop data security risk assessments.
• Collaborate with relevant stakeholders to ensure the implementation of effective controls and recommend enhancements or improvements as necessary.
• Support continuous monitoring (CONMON) for non-FedRAMP applications.
• Manage and maintain 3rd party risk monitoring tool. Set up accounts, alerts, add new applications, compile security reports, etc.
• Manage and maintain an internal risk assessment tracking system; add new applications needed.
  Qualifications: