Enterprise Risk Analyst

Booz Allen Hamilton
Durham, NC
Remote

About The Position

As an experienced Risk Analyst, you will execute the VA Enterprise Risk Analysis (ERA) process using a custom ERA tool to identify key cybersecurity risk factors in network-connected devices. These risk factors are summarized, evaluated, and reported using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network. You must acquire, review, and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor or manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware and software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings, and mechanisms for a given device type. Work within a Risk Management team to achieve best outcomes for the ERA process.

Requirements

  • Experience with cybersecurity, risk management, or risk assessment for complex systems
  • Experience with NIST SP 800-53 and NIST SP 800-30
  • Experience documenting and depicting network topology and network protocols
  • Ability to engage directly with clients and third parties to facilitate enterprise risk analysis
  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
  • Bachelor's degree in Computer Science, Engineering, or Mathematics and 10+ years of experience in information analysis, or 18+ years of experience in information analysis in lieu of a degree

Nice To Haves

  • Experience with cybersecurity analysis of medical technology or Internet of Things (IoT)
  • Experience with Governance, Risk, and Compliance (GRC)
  • Experience with Assessment and Authorization (A&A) and eMASS
  • Experience with Excel and Visio
  • Public Trust
  • CompTIA Security+, Risk Management Professional (CRISC), or Risk and Information Systems Control (CRISC) Certification

Responsibilities

  • Execute the VA Enterprise Risk Analysis (ERA) process using a custom ERA tool to identify key cybersecurity risk factors in network-connected devices.
  • Summarize, evaluate, and report risk factors using quantitative and qualitative scores.
  • Acquire, review, and leverage system documentation and data gathered through questionnaires and interviews with customers and vendor/manufacturer representatives.
  • Accurately document critical security posture elements in a common reporting format, including hardware/software inventory, communications profile, system interconnections, data types/stores, and security controls.
  • Work within a Risk Management team to achieve best outcomes for the ERA process.

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program