products and services, recommending best-fit solutions. Support incident investigations and security control enhancements. Ensure security architectures align with industry frameworks such as TOGAF and SABSA. Key Deliverables Gap Analysis Report: Assessing current security posture against NIST 800-53. Security Control Mapping: Documenting alignment of existing controls with compliance frameworks. Implementation Plans: Designing and deploying new security controls. … least 2 years in a similar role. Strong knowledge of NIST 800-53, ISO27001, PCI DSS, and COBIT. Experience with security frameworks (SABSA, TOGAF). Understanding of threat and risk analysis methodologies. Experience in cloud security (Azure, AWS, Google). Ability to work in high-security HMG and MOD environments. Desirable Certifications CompTIA Security+, CISSP, CISM, CCSP, TOGAF … SABSA SCF. CESG Certified Cyber Professional (CCP) in Security Architecture or Risk Management. ISO27001 Lead Auditor.
current and desired system security architecture. Assessing and mitigating system security threats and risks throughout the program life cycle. Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for various system and networking operations. Effectively collaborating with other internal technical experts on a day-to-day basis. Communicating … providing advice to Program Managers, Customer technical experts, and internal program teams. Formulating security compliance requirements for new system features. Identifying and remediating security issues throughout the system. Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions. Working with development teams to enrich team-wide understanding of different types … relevant type 1 devices. Basic Qualifications: Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience using Customer tools. Must have experience applying Risk Management Framework. Must have experience formulating and assessing IT security policy. Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP, and Wireshark; hardware
computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies. Validates and verifies system security requirements definitions and analysis and establishes system security designs. Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include … design and implementation of trusted relations among external systems and architectures. Assesses and mitigates system security threats/risks throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. Reviews certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its … to: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification, authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security
cloud security and compliance to support a U.S. Government customer. This role involves leading and contributing to system security engineering efforts, authorization and accreditation (A&A) activities, and enterprise risk management across complex cloud environments. The ideal candidate has proven experience supporting continuous monitoring operations, conducting security control assessments, and advising technical teams and leadership on system architecture and … cross domain solutions and common architecture design patterns. • Consult with project teams on system architecture and security posture. • Support continuous monitoring, analyze security scans (Rapid7, Nessus, Qualys), and document risk mitigation steps. • Create, manage, and close Plans of Action and Milestones (POA&Ms). • Utilize compliance tracking tools such as Xacta 360, RSA Archer, and Risk Vision. • Apply … the Common Control Provider model under the NIST Risk Management Framework. • Collaborate with SCAs to prepare complete and accurate security control packages. • Conduct information system security engineering and contribute to evolving SOPs to meet mission objectives. • Advise leadership on the security of cloud infrastructure, services, and emerging threats. Mandatory Skills & Experience • Demonstrated experience with Sponsor or specific A&A
programs. What You'll Do: Be the Security Advocate: Work closely with the Information Systems Security Manager (ISSM) to drive information assurance initiatives, including security authorization activities, compliance with Risk Management Framework (RMF) policies, and the development of System Security Plans (SSPs). Strengthen Our Defense: Perform Security Technical Implementation Guide (STIG) reviews, self-assessments, and participate in Assessment … potential risks. Shape Security Policy: Use your expertise to apply a comprehensive range of cybersecurity policies, principles, and techniques to maintain the integrity of systems processing classified information. Drive Risk Management: Perform risk analysis for system changes, contribute to the Risk Management Framework process, and recommend security solutions to address any identified gaps. Collaborate with Experts … programs for Federal or DoD information security initiatives. Knowledge of NIST guidelines (SP 800-37, 800-53, 800-53A) and proven experience in Security Control Assessment. Hands-on risk assessment experience that incorporates system/mission requirements and operational constraints. Knowledgeable of vulnerability tools (i.e. ACAS, Tenable, Nessus) Knowledgeable of DISA STIGs and technical security compliance guidance Splunk
known as the CASP+) Certification required Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience using Customer tools. Must have experience applying Risk Management Framework. Must have experience formulating and assessing IT security policy. Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware … Five (05) years of experience with Defense in Depth Principles/technology (including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture) and applying risk assessment methodology to system development. Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis
security standards. Participate in incident response activities, including identifying, reporting, and helping to resolve security incidents. Contribute to the development and delivery of security awareness training for staff. Drive Risk Management: Perform risk analysis for system changes, contribute to the Risk Management Framework process and recommend security solutions to address any identified gaps. Maintain Security Documentation … Ensure all system documentation is up to date. POAMs: Manage and Maintain Plans of actions and milestones, by tracking remediation efforts, validating closure evidence, prioritizing and communicating risk, and ensuring timely. Oversee Configuration Management: Manage changes to security-relevant software, hardware, and firmware to maintain system security. Basic Qualifications: As a requirement of this position, all candidates must be … II. Preferred Qualifications: Experience Shaping policies and programs for DoD information security initiatives. Knowledge of NIST guidance (SP 800-37, 800-53, 800-161) and JSIG guidance. Hands-on risk assessment experience that incorporates system/mission requirements and operation constraints. Splunk Experience to enhance your threat detection capabilities. Other Requirements: Must have an active Secret clearance with the
policies, standards, and procedures, and ensuring compliance with regulations like GDPR, HIPAA, and PCI-DSS. Incident Response: Planning and executing incident response strategies, including detection, containment, eradication, and recovery. Risk Management: Identifying, assessing, and mitigating security risks through risk analysis and management frameworks. Security Architecture Design: Creating and maintaining security architecture frameworks and models, such as SABSA
LEAD IT RISK & CONTROL WHAT IS THE OPPORTUNITY? "The Lead IT Risk Controls Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of security assessment by the Lead ITRC Security Analyst include third party security and overall … This requires routinely authoring detailed reports and gathering metrics to ensure stakeholders receive accurate and complete information. The Lead ITRC keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's … overall risk appetite. The Lead ITRC serves as an expert area of specialization. This role is a working lead that provides functional guidance and may coordinate or supervise the daily activities of individual contributors or working teams in areas of specialization. Provides input on resources planning, procedures," WHAT WILL YOU DO? "Define analysis objectives, collect data from internal and
and reduce overall organizational risk. Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. Advise senior management (e.g., Chief Information Officer (CIO)) on risk levels and security posture. Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements. Advise appropriate senior leadership or … architecture (EISA) with the organization's overall security strategy. Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. Evaluate cost/benefit, economic, and risk analysis in decision-making process. Identify alternative information security strategies to address organizational security objectives. Identify information technology (IT) security program implications of new technologies or technology upgrades. … Network Defense information. Interpret and/or approve security requirements relative to the capabilities of new information technologies. Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program. Lead and align information technology (IT) security priorities with the security strategy. Lead and oversee information security budget
Role overview: Working for a security vendor, the Security team are accountable for the company's Information Security, Security Architecture, Security Compliance, Security Awareness, Security Operations and Information Security Risk Management Activities. You'll work closely with development and operational teams to design, implement/recommend application security controls. This is a new role for the company requiring a … will have a background in software development. Main tasks and responsibilities: Assess and identify gaps in current application security controls and provide guidance to resolve and remediate based on risk to the business Working with the DevOps teams, establish and design processes to improve the secure development of products and services during the SDLC Provide guidance and support during … with knowledge of Application Security Frameworks e.g. OWASP SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of application security awareness, including the security of web applications Experience with risk management activities - identifying, assessing and providing remediation
and with little supervision. • Excellent interpersonal skills, sound judgment, and organizational/administrative skills. • Ability to communicate and interact with diverse technical and non-technical groups. DESIRED SKILLS: • Malware analysis or digital computer forensics experience is a plus. • Cyber related Law Enforcement or Counterintelligence experience. • Existing Subject Matter Expert of Advanced Persistent Threats and Emerging Threats. • Understanding of risk … technology from device turn on to power off, network functions (SMS, MMS, Voice, Data) and cellular system functions. • Understanding of wireless and RF technology. • Understanding and experience in conducting risk analysis, risk management, infosec, system testing and client structures. TECHNOLOGIES USED: Operating Systems: • Microsoft Windows (7 - 10, Server) • UNIX (Solaris, HP-UX, etc.) Operating System versions • Common
Compliance Assessment Solution (ACAS) Experience with the use of the DoD/DISA Vulnerability Management System (VMS) and Electronic Enterprise Mission Assurance Support Service (eMASS) Experience performing vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Understanding and hands on experience in RMF processes and activities to obtain and maintain system ATO. Advanced written and … related acquisition documents. Minimum years of experience: Up to two (2) years of Information Assurance/Cybersecurity (IA/CS) experience is required. Qualified candidates will have experience with Risk Management Framework (RMF), Up to two (2) years of experience with security controls and implementation delineated in Committee of National Security Systems Education: BS in Computer Science, Information Systems … Management, or related area of study. Desired Requirements Experience with effective policy, instruction, and development for Federal or DoD Information Security Programs. Experience with risk analysis and assessment determinations Experience with Xacta. Current CI polygraph. Other Qualifications Current active TS/SCI DoD Security Clearance Possess DoD Approved Baseline Certification as Information Assurance Manager Level II in accordance
of an organization to identify needs and use cases, develop a set of requirements, design a solution, and implement that solution, all using Splunk. • Conduct thorough threat assessments and risk analysis to identify potential vulnerabilities and security gaps. • Assist with Getting Data In (GDI) in the context of an implementation • Design and execute proactive threat hunting strategies to … attack vectors and methodologies. • Strong analytical and problem-solving skills, with the ability to analyze large datasets and identify actionable insights. • Experience with additional security tools a plus including, risk tools, BAS/CART, EDR, Kali, IDS/IPS, Firewall, MFA. 5. Experience with both Linux and Windows, including the Linux command line and tools such as vi. 6. … effectively, across levels of an organization. 8. A self-starter who can remain motivated when working individually. 9. 2-5 years of consulting experience. 10. Familiarity with GRC (governance, risk & compliance) experience a plus - NIST, FISMA, HIPAA, etc.
compliance with Department of Defense (DoD) security policies. Key Responsibilities: Monitor and analyze system security logs and alerts to identify suspicious activities and potential threats. Support vulnerability assessments and risk analysis activities. Implement security controls in accordance with DoD cybersecurity regulations and RMF (Risk Management Framework). Assist with security incident response, containment, investigation, and remediation efforts.
experience in applying the following capabilities in complex environments: enterprise architecture, solution architecture, systems architecture, large-scale transformation projects, program/project management, transition management, operational concept development, alternatives analysis, gap/impact/risk analysis, operational and business analysis, and managing complex projects. Other duties as assigned Requirements Education: Bachelor's degree in a related … standards, and methodologies related to enterprise architecture, solution architecture, and program management. Ability to work in Agile environments and apply solution architecture principles to transformation projects. Proficiency in data analysis, visualization, and decision support tools and techniques. Desired Skills and Competencies: Experience with office equipment (e.g. copiers, postage meters, audio/visual) Knowledge of database management, reporting and data
development of high level security compliant architecture and contribution to the design of the preliminary and detailed designs of the solution: it includes the study of alternatives and a risk assessment Consult on potential security components architectures (e.g. SIEM, IAM, gateways, detection and deception capabilities) Evaluate architectures against Business Line policy and major cyber security standards & regulation frameworks (NIST … You are proficient with Infrastructure Security Design, Security Supervision Design, and Information Systems Security (ISS) You can advise and give support to the rest of the team Familiar with Risk Analysis, Network Security, Cryptography, Identity & Access Management (software/hardware development, the NIST Cybersecurity Framework, cloud technologies) Able to monitor and measure risk as well as compliance … You have the ability to work with customers and technical teams NICE TO HAVE: Domain knowledge - Defence, Nuclear, Government, Aerospace, CNI, Transport Risk Management and Accreditation YOUR CAREER AT THALES Future opportunities will allow you to discover other domains or sites. You will be able to evolve and grow your competences in different areas: Room and attention to personal
Annapolis Junction, Maryland, United States Hybrid / WFH Options
Wood Consulting Services, Inc
architectures. Design and integrate IA/security systems across multi-enclave environments with varying classification levels. Collaborate with architects and developers to embed security functionality into system designs. Lead risk analysis, threat mitigation, and security planning throughout the system lifecycle. Review and provide feedback on Certification & Accreditation (C&A) documentation. Evaluate and test security solutions, software, and configurations … for a bachelor's degree. DoD 8570 compliance with IASAE Level 3 is required. Both Information Systems Security Engineering Professional (ISSEP) and CISSP Certifications are required. Demonstrated expertise in: Risk Management Framework (RMF) Security policy formulation and assessment Vulnerability testing and mitigation Security tools (e.g., Nessus, NMAP, Wireshark) Secure OS configurations and system hardening Strong communication skills and ability
critical in ensuring the cybersecurity integrity of classified and unclassified systems across the system development lifecycle (SDLC). The ideal candidate will have deep experience with DoD cybersecurity frameworks, Risk Management Framework (RMF), and secure systems engineering. As an Information Systems Security Engineer (ISSE) with JRC, you will Serve as the lead ISSE for DoD systems, ensuring compliance with … CNSSI 1253. Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms). Conduct security architecture reviews, vulnerability assessments, and risk analyses for DoD systems. Collaborate with system engineers, developers, and ISSMs to integrate cybersecurity into system design and implementation. Support Authorization to Operate (ATO) efforts under the DoD RMF
vulnerabilities in ICS/OT environments. Apply DISA Security Technical Implementation Guides (STIGs) to harden operating systems, applications, and network devices within control system architectures. Conduct vulnerability assessments and risk analyses on control systems using various automated and manual techniques to identify and mitigate potential security gaps. Collaborate with architecture and engineering teams to ensure cybersecurity measures are integrated … into system designs both pre and post-construction. Support the development, documentation, and submission of System Security Plans (SSPs), Risk Management Framework (RMF) artifacts, and compliance reports aligned with UFGS standards to achieve and maintain Authorization to Operate (ATO). Utilize eMASS to input, track, and manage cybersecurity controls, vulnerabilities, and ATO packages under senior engineer guidance. Perform security … time in rare cases. Common duration is 1 week onsite. Passport holders are preferred. Preferred Qualifications Familiarity with post-construction phases of facility-related control system projects. Experience with Risk Management Framework (RMF) or DoD cybersecurity compliance processes, including ATO lifecycle management. Hands-on experience using eMASS for control implementation, documentation, or reporting. Experience running SCAP scans and applying
orbiting and beyond earth orbit businesses. Role/Responsibilities/Qualifications Stellar Solutions is seeking a candidate with a solid foundation in systems engineering principles, a deep understanding of risk management methodologies, and experience working with complex systems within the space industry. They will also possess excellent communication, problem-solving, and teamwork skills. This position is full-time on … LAAFB. The qualified System of Systems Engineer (SoSE)/Risk Manager will have: Required skills: Systems Engineering Expertise: Minimum of 5-7 years of experience in systems engineering, with a focus on complex systems, preferably within the space industry. Experience with System of Systems (SoS) engineering principles is highly desirable. Demonstrated experience in risk management processes and techniques … documentation. System of Systems (SoS) Engineering: Familiarity with SoS concepts, architectures, and challenges. Experience in integrating heterogeneous systems and managing interdependencies. Understanding of emergent behavior and SoS-specific risks. Risk Management: Proficiency in risk identification, assessment, mitigation, and monitoring. Experience with risk management frameworks and tools (e.g., ISO 31000). Ability to develop and implement risk