Title: Cyber Risk and Compliance Analyst (CSE)
Location: Remote, United States
Onsite Flexibility: 100% Remote
Must have knowledge of security auditing with strong writing, organization, and client skills for tracking/coordinating audit requests.
Required Education Level: Bachelor's
Required Degree: Computer science, electronics engineering, or another engineering or technical discipline is required.
Required Years Experience: 10
Substitution Criteria: 8 years of additional relevant experience may be substituted for education
Core Hours: 9a-3p ET
Exciting opportunity for an experienced Cyber Risk and Compliance Analyst looking to work with a diverse set of cybersecurity / information security subject matter experts providing policy guidance, best practices, and information assurance training for the protection of Department of Veterans Affairs (VA) data. Utilize your cybersecurity / information security skills to support compliance reviews and information assurance training and awareness initiatives as assigned. As an SME on the team, you will be expected to author best practice work products and training materials for VA enterprise stakeholders. May provide work direction and oversight to junior staff. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.
You Have
10+ years' experience with NIST special publications, specifically RMF and NIST security controls (SP 800-37, SP 800-53), cybersecurity/information security subject matter expertise
Experience with cybersecurity/information security compliance reviews, audits, and/or assessments
Experience as the primary author/contributor to cybersecurity work products (e.g., whitepapers, SOP, checklists, security gap analyses, best practice guidance documents, training material, security policy)
Experience working directly with clients as a cybersecurity subject matter expert developing and presenting training and awareness presentation material providing cybersecurity guidance
Experience with Microsoft Office, including Word, Visio, Excel, PowerPoint, and Teams
Ability to communicate with key stakeholders, process owners, and customers to manage expectations, eliminate gaps, and ensure success
Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
Bachelor's degree in Computer Science, Electronics Engineering, or technical equivalent and 10 years of professional experience or a total of 18 years in lieu of education
Nice If You Have
Experience with federal contracting, including the Department of Veterans Affairs
Experience with Internet of Things and/or Medical Device Cybersecurity
Knowledge of: VHA Handbook 1200, VA 6500 Handbooks and Directives, data security, governance, and/or HIPAA
Experience with security considerations specific to health care and/or clinical research environments
Certifications: CAP, CISSP
Public Trust clearance