Cyber Risk Management Analyst

At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: www.criterion-sys.com. Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply.

We are seeking a mission-focused Cyber Risk Management Analyst/Information Assurance Analyst to perform cybersecurity risk assessment support for for a high visibility customer.  The primary focus will be on identifying and evaluating potential data security risks and vulnerabilities within their systems and developing effective mitigation strategies.

This role is hybrid and requires 3 days a week on-site in Washington, DC.

Duties, Tasks & Responsibilities

• Conduct thorough risk assessments for Government-developed, procured, and potentially acquired applications and/or services. This includes evaluating system interconnections, waivers, Plan of Action and Milestones (POA&Ms), and other relevant factors.
• Ensure compliance with relevant regulations, standards, and policies by conducting assessments and authorizations.
• Develop risk assessment reports that can be presented to senior executives, highlighting features, functionality, interoperability, and other critical aspects.
• Identify and recommend appropriate security measures to mitigate identified risks. Collaborate with offices such as Cloud Application Security, Data Governance, and others to incorporate their findings into the risk assessment package.
• Perform data security risk assessments in support of the “Request for New Solution” process.
• Evaluate critical controls, both FEDRAMP and non-FEDRAMP, as well as features and functionality to develop data security risk assessments.
• Collaborate with relevant stakeholders to ensure the implementation of effective controls and recommend enhancements or improvements as necessary.
• Support continuous monitoring (CONMON) for non-FedRAMP applications.
• Manage and maintain 3rd party risk monitoring tool. Set up accounts, alerts, add new applications, compile security reports, etc.
• Manage and maintain an internal risk assessment tracking system; add new applications needed.

Required Experience, Education, Skills & Technologies

• Bachelor’s degree in Computer Science, Cybersecurity, Computer Engineering or Information Technology or related degree.
• Active DoD TS/SCI Clearance or TS with SCI eligibility 
• 4+ years of experience including proven experience in a similar role supporting the Federal Government.

• Prior experience conducting security risk assessments for IT systems, applications, or services within a Government environment

• Solid knowledge of cybersecurity frameworks, standards, and best practices such as NIST, FISMA, FedRAMP, etc.

• Strong problem-solving abilities and attention to detail.

• Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.

Preferred Experience, Education, Skills & Technologies

• None

Security Clearance Level

• Minimum TS/SCI

Certification

• DoD 8570 IAT II Certification or higher (e.g., Security+, CCNA Security, CySA+, GICSP, GSEC, CND, SSCP) https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications

 Work Schedule

• Full-time hybrid on-site 3 days/week 

Benefits Offered

• Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

Criterion Systems, LLC and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status:  race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.