Cyber Risk Analyst

Working level expertise with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and the NIST 800-53 series of control families. Experience with government environments. Experience working closely with cyber security leadership and peers. Technical understanding of systems and technologies. Ability to translate results into business-oriented, task-focused presentations. Considerable knowledge of Risk Management and Risk Management Framework (RMF) requirements. Working level knowledge of the NIST 800 Rev 5 series framework. Considerable knowledge/experience of assessing controls. Experience in working with Governance Risk Compliance systems. Experience presenting reports and outcomes to leadership. Experience and skill in conducting audits or reviews of technical systems. Experience assessing vendor risk. Ability to skillfully communicate through various methods, including written documentation. Ability to work autonomously as a contributing member of a small technical team. Working knowledge of networking administration. Working knowledge of system administration.

Perform detailed analysis and cyber risk assessment of Cloud Service Providers (CSPs). Engage with vendors to review controls, certifications, and risks. Partner with the CSPO in the development of risk assessment and reporting processes within the Laboratory's Governance, Risk and Compliance (GRC) tool, Talatek TiGRIS. Perform risk-based assessments of NIST 800-53 control validation and gap analysis. Collaborate with the CSPO to present outcomes of risk analysis work. Maintain assessment and assessment results in identified repositories. Assist in the performance of the laboratory's Divisional Site Assist Visit (DSAV) self-assessment and continuous monitoring strategy.