Senior Cybersecurity Risk Analyst

The Charles Stark Draper Laboratory-posted 2 days ago
$95,000 - $237,500/Yr
Full-time • Mid Level
Cambridge, MA
1,001-5,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Cybersecurity Risk Analyst, Senior will lead the effort to strengthen enterprise classified and unclassified IT governance, risk and compliance functions. In this role, the ideal incumbent will lead critical assessments of existing and future security controls across enterprise unclassified and classified networks and systems, ensure compliance with industry framework, partner with business areas across the organization to reduce risk, and provide recommendations for strategic efficiencies, streamlining, and consolidation of classified computing capabilities. The incumbent in this role brings significant industry experience in cybersecurity, risk management, and IT operations, with a proven track record of results in DoD, intelligence community, and federal regulatory environments. The Cybersecurity Risk Analyst, Senior will provide subject matter expertise in multiple Government regulations such as Risk Management Framework (RMF), National Institute of Standards and Technology (NIST), Joint Special Access Program Implementation Guide (JSIG), Intelligence Community Directive/Standard (ICD/S), and IT Infrastructure Library (ITIL) frameworks, while partnering closely with technical and business stakeholders to reduce enterprise cyber risk and ensure mandatory compliance. This role requires direct interaction with government customers, cleared contractors, and mission stakeholders to provide technical expertise and compliance oversight throughout the system lifecycle.

  • Serve as a subject matter expert for cybersecurity risk management and compliance frameworks including NIST SP 800-171/53, DAAPM, CMMC, RMF
  • Develop and implement consistent, high quality System Security Plans (SSPs), Risk Assessment Reports (RARs), Plans of Actions & Milestones (POA&Ms) and Standard Operating Procedures (SOPs) across the enterprise classified IT portfolio
  • Perform Security Control Assessments for enterprise classified systems, oversee implementation of corrective actions and provide remediation strategies where relevant
  • Work closely with the Office of Threat Management (OTM) to conduct vulnerability assessments and threat analysis of the IT portfolio. Furthermore, monitor, evaluate and report on cybersecurity risk, incident response actions, and compliance gaps
  • Lead CMMC compliance and certification efforts to conduct gap assessments against CMMC requirements, develop and manage remediation plans, support audit readiness and interface with assessors, and ensure ongoing compliance with DFARS and CUI protection requirements
  • Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives
  • Perform risk assessments, vulnerability analysis, and compliance reviews using tools such as ServiceNow IRM, Nessus, Splunk, and CrowdStrike Falcon
  • Collaborate with business area stakeholders, system ownership, and executive leadership to ensure ongoing compliance with NIST, DoD and IC cybersecurity directives and policy
  • Provide critical input to cybersecurity policies, procedures, and training programs
  • Deliver reports and recommendations to executive leadership on risk posture, compliance status, and emerging threats
  • Serve as a trusted advisor across the cybersecurity organization
  • Deep knowledge of CMMC, NIST SP 800-171/53, DFARS, RMF, DAAPM, and JSIG
  • Experience with Governance, Risk & Compliance (GRC) Tools (ServiceNow IRM preferred) or similar platforms
  • Experience with Nessus, Splunk, CrowdStrike Falcon, and other vulnerability management/EDR/SIEM solutions
  • Understanding of security architecture and compliance for Azure, AWS, and hybrid infrastructures
  • Familiarity with STIGs, SCAP, and secure baselines for Windows and Linux systems
  • Experience developing and executing Incident Response playbooks, tabletop exercises, and insider threat response plans
  • Understanding of Zero Trust Architecture concepts and implementation approaches
  • Strong organizational and project management abilities (scheduling assessments, managing multiple system boundaries)
  • Ability to work independently and take initiative in a mission-driven environment
  • High degree of integrity, accountability, and discretion, especially handling sensitive information
  • Flexibility to balance compliance rigor with mission execution
  • Assess security risks, prioritize vulnerabilities, and recommend practical mitigation strategies
  • Ensure documentation and compliance artifacts meet audit requirements
  • Translate technical security issues into clear, actionable recommendations for leadership and stakeholders
  • Work effectively with a wide variety of stakeholders to include government customers, cleared contractors, mission stakeholders and security & IT personnel
  • Proven ability to lead cross-functional cybersecurity teams and provide leadership and oversight of compliance-related initiatives
  • Bachelor’s degree in Information Systems, Cybersecurity, or related field (or equivalent experience)
  • 10+ years of cybersecurity and IT experience, including compliance, risk management, and assessment roles
  • Active Certified Information System Security Professional (CISSP) certification required
  • Security+, CISM, CISA and/or Certified CMMC Professional (CyberAB) certification required
  • Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities
  • Deep understanding of and experience applying CMMC, RMF, NIST SP 800-53/171, DFARS, DAAPM, and JSIG directives
  • Strong technical knowledge of Windows, Cisco, Linux products, and virtualization technologies
  • Experience using enterprise security tools such as ACAS, HBSS, eMASS, SCCM and Symantec/McAfee
  • Strong technical knowledge of GRC platforms (ServiceNow IRM preferred) and enterprise security technologies (EDR, SIEM, DLP, NGFW/IDS/IPS, VPN, VDI)
  • Active Secret Clearance Required
  • ITIL Foundations certification preferred
  • Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities.
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Cybersecurity Analyst Resume Examples
Cybersecurity Analyst Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service