Cyber Risk Management Analyst

About The Position

Requirements

• Applicant must be a U.S. citizen residing in the U.S.
• This position requires obtaining a clearance through the Department of Education. Applicants must be willing to undergo a background check as part of the hiring process.
• Bachelor’s degree from an accredited university or 5-7 years of relevant experience.
• 3+ years in GRC, third-party risk management, federal compliance (NIST 800-53, 800-37)
• CISA (Certified Information Systems Auditor)
• CRISC
• CGEIT
• CISSP
• CompTIA Security+
• CCSK (Certificate of Cloud Security Knowledge)
• CAP/ISC2 CGRC
• GRC platforms (Archer/ServiceNow)
• TPRM tools (OneTrust/Prevalent)
• Awareness platforms (KnowBe4/Proofpoint)
• MS Power BI
• Advanced Excel
• JIRA

Responsibilities

• Drive enterprise cybersecurity risk management by quantifying risks, assessing control effectiveness, and ensuring alignment with NIST 800-53, FISMA, and DOE policies
• Lead enterprise-wide risk assessments, audits, and user awareness programs
• Maintain and manage the enterprise Risk Register and POA&M lifecycle
• Monitor/report critical cyber risks; use dashboards and metrics to inform leadership
• Design security awareness programs and phishing simulations
• Collaborate with engineers and analysts to define compliance guardrails and prioritize remediation activities
• Generate automated risk metrics, heat maps, and executive-level security reports

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Training & Development