Cybersecurity Risk Analyst
About The Position
The Cybersecurity Risk Analyst is a member of Draper’s Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes to the Cybersecurity Risk Management team in applying contractual and regulatory requirements to include DFARS and CMMC to Draper’s unclassified computing environments. This team serves as the Governance Risk and Compliance (GRC) tool product owner, performs compliance and risk analyses, develops policy, procedures, and standards, and partners closely with peer IT, security, and engineering teams to ensure compliance and risks are appropriately managed thorough the organization.
Requirements
- Technical and functional experience in domain of Governance, Audit, Risk Management and Regulatory Compliance.
- Understand risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture consideration.
- Ability to read, understand, and apply government regulation (FAR, DFARS).
- Strong working knowledge of NIST SP 800-171, NIST SP 800-53, CMMC, NIST Risk Management Framework (RMF), FedRAMP
- Knowledge of CUI and the control sets and documentation necessary for adherence to CUI management and safe keeping.
- Ability to develop organizational cybersecurity policy, procedures, standards, and guidelines
- Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
- Ability and experience developing and maintaining System Security Plans and associated artifacts, such as a Plans of Action & Milestones, Risk Assessment Report, and Continuous Monitoring Strategy
- A thorough knowledge of risk assessment methodologies, such as NIST SP 800-30, Factor Analysis of Information Risk (FAIR), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), or other risk assessment practices
- 4 years of cybersecurity and IT experience, including compliance, risk management, and assessment roles.
- Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities preferred.
- Ability to obtain a Secret clearance is required.
Responsibilities
- Serve as a subject matter expert for cybersecurity risk management and compliance frameworks including NIST SP 800-171/53, DAAPM, CMMC, RMF
- Lead CMMC compliance and certification efforts to conduct gap assessments against CMMC requirements, develop and manage remediation plans, support audit readiness and interface with assessors, and ensure ongoing compliance with DFARS and CUI protection requirements
- Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives
- Perform risk assessments, vulnerability analysis, and compliance reviews using tools such as ServiceNow IRM, Nessus, Splunk
- Conduct continuous monitoring of security controls
- Deliver reports and recommendations to executive leadership on risk posture, compliance status, and emerging threats
- Serve as a trusted cybersecurity advisor across the organization
- Develop and promote processes and procedures to analyze and assess cybersecurity risks across an enterprise environment
Benefits
- workplace flexibility
- employee clubs ranging from photography to yoga
- health and finance workshops
- off site social events
- discounts to local museums and cultural activities
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
