1 to 25 of 572 Permanent Risk Analysis Jobs

ability to support authorization activities across complex environments. The Cloud Solutions Architect will interface with both engineering teams and cloud service providers to ensure that cloud solutions are resilient, risk-informed, and aligned with evolving federal security standards. Key Responsibilities • Lead Technical Exchange Meetings (TEMs) with cloud providers to evaluate cloud architectures and ensure alignment with mission requirements. • Maintain … Oracle Cloud, or IBM Cloud. • Evaluate and advise on cross-domain technology solutions and common security architecture designs. • Consult project teams and leadership on system architecture, security postures, and risk mitigation. • Lead and support continuous monitoring operations, including scan analysis using tools like Rapid7, Nessus, and Qualys. • Track and manage Plan of Action and Milestone (POA&M) items … to support remediation efforts and risk reduction. • Use tools such as Xacta 360, Risk Vision, or RSA Archer to monitor A&A activities and maintain compliance. • Leverage knowledge of the Common Control Provider model under the NIST Risk Management Framework (RMF). • Support preparation of A&A packages and collaboration with Security Control Assessors (SCAs). • Conduct More ❯

real-time. Design and implement security solutions and controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection. Perform regular vulnerability assessments, penetration testing, and risk analysis. Collaborate with IT and development teams to ensure secure system architecture and application development. Maintain and enhance incident response procedures and disaster recovery plans. Investigate and document security … breaches, providing root cause analysis and remediation plans. Conduct security awareness training for staff and ensure compliance with internal policies and regulatory requirements (e.g., FCA, GDPR, ISO 27001). Stay up to date with the latest security technologies, trends, and threat intelligence. Essential Skills & Qualifications: Proven experience in a cyber security or information security engineering role. Strong knowledge of More ❯

sensitive data. This role supports business strategy in a dynamic environment. Responsibilities: Vulnerability Assessment: Conduct regular vulnerability assessments to identify security weaknesses in our systems, applications, and network infrastructure. Risk Analysis: Analyze and prioritize vulnerabilities based on risk level and potential impact on the organization. Mitigation Strategies: Develop and implement effective mitigation strategies to address identified vulnerabilities … vulnerability assessment findings, mitigation efforts, and overall security posture for senior management. Security: Engage in the design and support of all aspects of an information security program, including Governance Risk & Compliance, Security Operations, and Security Engineering with hands on engineering and administration of security tools, such as CrowdStrike, Qualys, and Splunk in collaboration with fellow security and IT professionals. … Required Skills and Qualifications: Demonstrable experience across multiple cybersecurity domains including vulnerability management, risk management, network security, Splunk engineering, and incident response. Experience analyzing impact of vulnerabilities and designing solutions across Windows, Mac, Linux, Cloud, Network, Labs, and OT. Technical experience designing solutions across Linux, Mac, and Windows platforms. Strong knowledge of common vulnerabilities and attack vectors, as well More ❯

VIRGINA - URGENT Job Type: Full-time Clearance Level: Top secret/SCI Work Arrangement: Remote Job Location: Arlington VA Salary: 200k - 250k Background Provide the AO with an independent risk assessment of assigned systems and an authorization Advise program managers on AO determination utilizing OVL documentation Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities Utilize … expert knowledge and experience regarding risk management strategies in support of a major DoD program Providing support regarding the agile authorization and OVL processes Provide independent risk analysis and recommendation Collaborate between the AO and the program as well as program leadership Identify the security baseline based on the mission and security impacts to the system Determine … Assess the security requirements in accordance with the assessment procedures defined in the security Assessment plan (SAP) Prepare the SAR Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate Develop the risk recommendation and AO determination brief Develop a system-level continuous monitoring strategy Author and present briefs regarding status of authorizations to AO More ❯

to ensure due process and policy alignment. Integrate endpoint telemetry and DLP controls to reduce unauthorized data transfers and improve visibility across cloud and on-prem environments. Conduct behavioral analysis and threat hunting using IOCs, TTPs, and threat intelligence feeds. Perform vulnerability assessments and risk analysis on high-value systems and personnel. Support compliance with NIST More ❯

standards and regulations Exception Management: Identify, document, submit and track instances where the implementation of security patches or configuration controls needs to be delayed for business or technical reasons Risk Assessment: evaluate potential risks and impacts of granting a security exception, considering immediate needs and long-term implications Exception Renewal: periodically review active exceptions to determine if they are … limited to, secure configuration management, data protection, security monitoring, incident response, patch management, governance, enterprise security strategies and architecture Understanding of security vulnerabilities, exploits, and mitigation techniques Knowledge of risk analysis, vulnerability assessment methodologies, and security baselines Clear understanding of various operating systems and versions, secure configuration and build images Experience with automation, scripting, and orchestration (Python, PowerShell More ❯

current and desired system security architecture. Assessing and mitigating system security threats and risks throughout the program life cycle. Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for various system and networking operations. Effectively collaborating with other internal technical experts on a day-to-day basis. Communicating … providing advice to Program Managers, Customer technical experts, and internal program teams. Formulating security compliance requirements for new system features. Identifying and remediating security issues throughout the system. Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions. Working with development teams to enrich team-wide understanding of different types … hold an active TS/SCI clearance with Polygraph. Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience. Must have experience applying Risk Management Framework. Must have experience formulating and assessing IT security policy. Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware More ❯

architecture reviews, and ensure mission-critical services remain secure and compliant across leading commercial cloud platforms. This is a hands-on technical role requiring expertise in cloud technologies, federal risk management frameworks, and secure systems engineering. Key Responsibilities • Facilitate Technical Exchange Meetings (TEMs) with cloud service providers to evaluate cloud service architectures and integration strategies. • Support the design, implementation … in alignment with NIST 800-53, FIPS 199, CNSS 1253, and Sponsor-specific guidance. • Analyze scan results using tools such as Nessus, Rapid7, and Qualys; assess vulnerabilities and develop risk mitigation strategies. • Support continuous monitoring activities and implement controls aligned with evolving mission requirements. • Track compliance activities using tools such as Xacta 360, RSA Archer, or Risk Vision. … Archer). • Experience working with cross-domain technologies and secure architecture designs. • Ability to collaborate effectively with SCAs and prepare comprehensive security packages. • Strong understanding of information security controls, risk assessments, and A&A documentation. • Ability to advise teams on system engineering and security requirements in a classified environment. Education Requirement • Bachelor's degree in Cybersecurity, Information Systems, Computer More ❯

related to cloud security breaches and misconfigurations. Implement SIEM and security monitoring tools for real-time threat detection. Cloud Security Assessments & Compliance Conduct cloud security assessments, penetration testing, and risk analysis . Ensure compliance with ISO 27001, NIST, CIS Benchmarks, GDPR , and other security standards. Collaborate with DevOps teams to integrate security into CI/CD pipelines. Security More ❯

IT RISK MANAGEMENT SENIOR ANALYST WHAT IS THE OPPORTUNITY? "The IT Risk Senior Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of IT Control assessment by the ITRM Security Senior Analyst includes fit for purpose review … and challenges and process/risk/control (PRC) reviews to evaluate and overall control program effectiveness in mitigating risk. The ITRM Senior Analyst's goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely performing review and challenge reviews agains … I controls, authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information. The ITRM Senior Anlayst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's More ❯

IT RISK MANAGEMENT SENIOR ANALYST WHAT IS THE OPPORTUNITY? "The IT Risk Senior Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of IT Control assessment by the ITRM Security Senior Analyst includes fit for purpose review … and challenges and process/risk/control (PRC) reviews to evaluate and overall control program effectiveness in mitigating risk. The ITRM Senior Analyst's goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely performing review and challenge reviews agains … I controls, authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information. The ITRM Senior Anlayst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's More ❯

IT RISK MANAGEMENT SENIOR ANALYST WHAT IS THE OPPORTUNITY? "The IT Risk Senior Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of IT Control assessment by the ITRM Security Senior Analyst includes fit for purpose review … and challenges and process/risk/control (PRC) reviews to evaluate and overall control program effectiveness in mitigating risk. The ITRM Senior Analyst's goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely performing review and challenge reviews agains … I controls, authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information. The ITRM Senior Anlayst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's More ❯

IT RISK MANAGEMENT SENIOR ANALYST WHAT IS THE OPPORTUNITY? "The IT Risk Senior Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of IT Control assessment by the ITRM Security Senior Analyst includes fit for purpose review … and challenges and process/risk/control (PRC) reviews to evaluate and overall control program effectiveness in mitigating risk. The ITRM Senior Analyst's goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely performing review and challenge reviews agains … I controls, authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information. The ITRM Senior Anlayst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's More ❯

IT RISK MANAGEMENT SENIOR ANALYST WHAT IS THE OPPORTUNITY? "The IT Risk Senior Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of IT Control assessment by the ITRM Security Senior Analyst includes fit for purpose review … and challenges and process/risk/control (PRC) reviews to evaluate and overall control program effectiveness in mitigating risk. The ITRM Senior Analyst's goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely performing review and challenge reviews agains … I controls, authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information. The ITRM Senior Anlayst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's More ❯

We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are More ❯

We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are More ❯

bid, labor category, and skill level is at the discretion of the Contractor. INTRODUCTION: The Sponsor supports a diverse set of corporate goals across the organization by conducting technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies. The Sponsor requires subject matter expertise in technical risk analysis of enterprise … and wireless networks, cloud-based computing, network management platforms, communication protocols, scripting or programming products, configuration scripts, and IT hardware and software products in support of Sponsor's technical risk assessment activities. The Sponsor also requires software development to maintain an online infrastructure, evaluating and extracting relevant data, web development, and software coding. WORK REQUIREMENTS: Contractor Support; HHR; Yes … The Contractor shall perform technical risk assessments and provide technical risk mitigation guidance on the use of various enabling technologies. The Contractor shall gather Body of Evidence (BOE) and assess artifacts, such as CONOPS, use cases, detailed network diagrams, technical design details, procurement methods, and System Security Plan (SSP) to get a holistic view of the interworking parts More ❯

products and services, recommending best-fit solutions. Support incident investigations and security control enhancements. Ensure security architectures align with industry frameworks such as TOGAF and SABSA. Key Deliverables Gap Analysis Report: Assessing current security posture against NIST 800-53. Security Control Mapping: Documenting alignment of existing controls with compliance frameworks. Implementation Plans: Designing and deploying new security controls. … least 2 years in a similar role. Strong knowledge of NIST 800-53, ISO27001, PCI DSS, and COBIT. Experience with security frameworks (SABSA, TOGAF). Understanding of threat and risk analysis methodologies. Experience in cloud security (Azure, AWS, Google). Ability to work in high-security HMG and MOD environments. Desirable Certifications CompTIA Security+, CISSP, CISM, CCSP, TOGAF … SABSA SCF. CESG Certified Cyber Professional (CCP) in Security Architecture or Risk Management. ISO27001 Lead Auditor. More ❯

cloud security and compliance to support a U.S. Government customer. This role involves leading and contributing to system security engineering efforts, authorization and accreditation (A&A) activities, and enterprise risk management across complex cloud environments. The ideal candidate has proven experience supporting continuous monitoring operations, conducting security control assessments, and advising technical teams and leadership on system architecture and … cross domain solutions and common architecture design patterns. • Consult with project teams on system architecture and security posture. • Support continuous monitoring, analyze security scans (Rapid7, Nessus, Qualys), and document risk mitigation steps. • Create, manage, and close Plans of Action and Milestones (POA&Ms). • Utilize compliance tracking tools such as Xacta 360, RSA Archer, and Risk Vision. • Apply … the Common Control Provider model under the NIST Risk Management Framework. • Collaborate with SCAs to prepare complete and accurate security control packages. • Conduct information system security engineering and contribute to evolving SOPs to meet mission objectives. • Advise leadership on the security of cloud infrastructure, services, and emerging threats. Mandatory Skills & Experience • Demonstrated experience with Sponsor or specific A&A More ❯

and continuously monitor for compliance. • Verify data security access controls and assign privileges based on need-to-know. • Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs). • Apply and maintain required confidentiality controls and processes. • Verify authenticator generation and verification requirements and processes. • Execute media sanitization (clearing, purging, or destroying) and … to support customer requirements. • Identify, report, and resolve security violations. • Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands. • Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle. Required Skills: • Per contract requirements candidates must possess an active TS/SCI … the Department of Defense (DoD) or Intelligence community. • 2 years of experience as a Cyber or Security Analyst for federal information systems. • 2 years of experience with the Federal Risk and Authorization Management Program (FedRAMP). Minimum Requirements TCS040, T4, Band 7 Desired Skills: • IAT level III certification (CASP CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH), or More ❯

meaningful security transformation. Key Responsibilities As part of a versatile consulting team, you’ll support clients across various industries with end-to-end security services. Responsibilities include: Security Assessments & Risk Management : Conduct security assessments, risk analysis, and provide incident response guidance. Identify and prioritise remediation actions. Security Solution Design : Design and implement bespoke cyber security solutions using More ❯

and guidance to develop reliable, secure, and compliant security solutions tailored to project needs. Your responsibilities include: Advising on high-level security architecture and contributing to design processes, including risk assessments Consulting on security component architectures (e.g., SIEM, IAM, gateways) Evaluating architectures against policies and standards (NIST, ISO, JSP) Justifying architectural decisions Coordinating across multidisciplinary teams Presenting solutions to … recognized as a valuable contributor to sensitive programs. COMPETENCIES: You can independently define architectures, are proficient in Infrastructure Security, Security Supervision, and Information Systems Security. You are familiar with Risk Analysis, Network Security, Cryptography, IAM, cloud technologies, and compliance monitoring. You excel in working with customers and technical teams. NICE TO HAVE: Domain expertise in Defence, Nuclear, Government … Aerospace, CNI, Transport; experience in Risk Management and Accreditation. CAREER DEVELOPMENT: Thales offers opportunities to explore different domains, roles, and international careers. We support personal growth, talent development, and career flexibility within our global organization. Candidates must provide proof of identity, work eligibility, and employment/education history for up to three years. Some roles may require full Security More ❯

or efficiency, of the Cyber Security team, by identifying innovative, problem-solving solutions. Create and maintain appropriate standard operating procedures for the Cyber Security and information protection. Support on Analysis & Planning Activities Identify, respond, predict and analyse security breaches and threats to determine their root cause and report findings to relevant stakeholders on cyber-security threats, attacks, incidents, and … Information Security Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction within mandate Assessment of the organisation's technology risk exposure and measurement of the various parameters that make up technology risks. Support the Design for your area of responsibility Work closely with other stakeholders to design, architect, consult … the desired outcomes and success criteria which is to be the baseline for post project review and benefit realisation validation, as well as measuring positive effects. Contribute to project risk management consulting and technical reviews, drafting mitigation plans and delivering on any actionable items allocated Draft procedures and or policies with regards to cyber security submitting them to the More ❯

known as the CASP+) Certification required Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience using Customer tools. Must have experience applying Risk Management Framework. Must have experience formulating and assessing IT security policy. Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware … Five (05) years of experience with Defense in Depth Principals/technology (including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture) and applying risk assessment methodology to system development. Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis More ❯

security standards. Participate in incident response activities, including identifying, reporting, and helping to resolve security incidents. Contribute to the development and delivery of security awareness training for staff. Drive Risk Management: Perform risk analysis for system changes, contribute to the Risk Management Framework process and recommend security solutions to address any identify gaps. Maintain Security Documentation … Ensure all system documentation is up to date. POAMs: Manage and Maintain Plans of actions and milestones, by tracking remediation efforts, validating closure evidence, prioritizing and communicating risk, and ensuring timely. Oversee Configuration Management: Manage changes to security-relevant software, hardware, and firmware to maintain system security. Basic Qualifications: As a requirement of this position, all candidates must be … II. Preferred Qualifications: Experience Shaping policies and programs for DoD information security initiatives. Knowledge of NIST guidance (SP 800-37, 800-53, 800-161) and JSIG guidance. Hands-on risk assessment experience that incorporates system/mission requirements and operation constraints. Splunk Experience to enhance your threats detection capabilities. Other Requirements: Must have an active Secret clearance with the More ❯