Cyber Compliance and Risk Management Analyst, Senior

Key Role:

Perform Risk Management Framework (RMF) Assessment and Authorization (A&A) responsibilities for various Naval commands. Analyze the documentation, validation, and accreditation processes necessary to assure systems meet security and privacy requirements. Evaluate test results, analyze risk, and develop security assessment documentation to support accreditation decisions. Create risk mitigation strategies and ensure security configurations are maintained in accordance with DoD and Department of Navy mandated policies. Interpret RMF guidance from authorizing officials for clients and provide information and input for the preparation of accreditation packages. Assess the applicability of emergent vulnerabilities to individual systems. Provide advice and direction to program managers and other functional area SMEs representing Cybersecurity or IA policies and regulations.

Basic Qualifications:

-5+ years of experience with Cybersecurity or information assurance supporting DoD or federal programs

-3+ years of experience with performing Cybersecurity accreditation, including DIACAP C&A and RMF A&A activities, including accreditation package development and security control testing or validation

-2+ years of experience with DoD STIGs, checklists, and Security Requirements Guides (SRGs)

-Experience with performing IT security assessments

-Experience with developing IT policy, guidance, or procedure documentation supporting Cybersecurity accreditation

-Experience with Cybersecurity principles, National Institute of Standards and Technology (NIST) Special Publications, federal regulations, and security standards

-Secret clearance

-HS Diploma or GED and 6 years of experience with Cybersecurity, system administration, or engineering or Bachelor's degree in CS, Cybersecurity, or Engineering

-DoD Cybersecurity Workforce, including Security+ Certification or ability to obtain within 6 months of hire

Additional Qualifications:

-Experience with developing, managing, and securing Microsoft Windows, UNIX, or Linux platforms

-Experience with system security patch implementation, vulnerability management, and risk mitigation

-Knowledge of Navy or DoD network environments and DoD and Department of Navy Cybersecurity policies

-Navy Qualified Validator (NQV) or ability to earn NQV rating Certification within 6 months of hire


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
