Enterprise Risk Analyst
About The Position
As an experienced Risk Analyst, you will execute the VA Enterprise Risk Analysis process using a custom ERA tool to identify key cyber security risk factors in network connected devices. These risk factors are summarized, evaluated, and reported using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network. You must acquire, review, and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor or manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware and software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings, and mechanisms for a given device type. You will work within a Risk Management team to achieve best outcomes for the ERA process.
Requirements
- Experience with cybersecurity, risk management, or risk assessment for complex systems
- Experience with NIST SP 800-53 and NIST SP 800-30
- Experience with documenting and depicting network topology and network protocols
- Ability to engage directly with clients and third parties to facilitate enterprise risk analysis
- Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
- Bachelor's degree in computer science, engineering, or math and 10+ years of experience in information analysis, or 18+ years of experience in information analysis in lieu of degree
Nice To Haves
- Experience with cybersecurity analysis of medical technology or Internet of Things (IoT)
- Experience with Governance, Risk, and Compliance (GRC)
- Experience with Assessment and Authorization (A&A) and eMASS
- Experience with Excel and Visio
- CompTIA Security+, Risk Management Professional (CRISC), or Risk and Information Systems Control (CRISC) Certification
Responsibilities
- Execute the VA Enterprise Risk Analysis process using a custom ERA tool to identify key cyber security risk factors in network connected devices
- Summarize, evaluate, and report risk factors using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network
- Acquire, review, and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor or manufacturer representatives to accurately document critical security posture elements in a common reporting format
- Document critical security posture elements including hardware and software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings, and mechanisms for a given device type
- Work within a Risk Management team to achieve best outcomes for the ERA process
Benefits
- Health benefits
- Life benefits
- Disability benefits
- Financial benefits
- Retirement benefits
- Paid leave
- Professional development
- Tuition assistance
- Work-life programs
- Dependent care
- Recognition awards program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Number of Employees
5,001-10,000 employees
