Senior Business Analyst With Risk. Our Client, an international Bank, is looking to recruit a Senior Business Analyst with at least 5 to 7 years' experience as a Business Analyst. The team has a responsibility to deliver to a set of expected standards being set by the Regulatory Reporting Assurance programme, and delivers to a standard playbook defined by the … Basel 3 Reforms central Operating model and controls function. The role holder will be working with process owners, service owners and Risk and Control colleagues to define the operating model that will be in place following the implementation of the Basel 3 Reforms, and to define any interim operating models required until the reforms are implemented. This operating model … controls for the Basel 3 Reforms programme. Key Accountabilities: To document the business process controls, IT general controls and Business Application Controls and ensure full syndication and approval from Risk Stewards, Risk Owners, Controls Office and Control Owners. To support senior stakeholders globally through complex process change and systems change delivery activities. Deal with conflicting priorities across global
to ensure systems are secure, compliant, and properly configured according to federal regulations. Additionally, in this position you will: Strengthen Our Defense: Perform Security Technical Implementation (STIG) review, Self-Assessment, and participate in Assessment & Authorizations testing to ensure our systems stay secure and compliant. Shape Security Policy: Use your expertise to apply a comprehensive range of cybersecurity policies … security standards. Participate in incident response activities, including identifying, reporting, and helping to resolve security incidents. Contribute to the development and delivery of security awareness training for staff. Drive Risk Management: Perform risk analysis for system changes, contribute to the Risk Management Framework process and recommend security solutions to address any identified gaps. Maintain Security Documentation: Ensure … all system documentation is up to date. POAMs: Manage and maintain Plans of Action and Milestones, by tracking remediation efforts, validating closure evidence, prioritizing and communicating risk, and ensuring timely. Oversee Configuration Management: Manage changes to security-relevant software, hardware, and firmware to maintain system security. Basic Qualifications: As a requirement of this position, all candidates must be a
Lead, Assessment and Authorization Opening Aberdeen Proving Grounds Baltimore, MD Paragone Solutions is seeking an Assessment and Authorization Lead who is responsible for the deliverables, managing project artifacts, and managing staff and performance. This is a full-time, on-site position located at Aberdeen Proving Ground, MD. Experience with classified authorizations required, NSA or other is desired. Must … SCI and Poly. If a candidate does not have a polygraph, they must be willing to undergo a polygraph investigation. Description - Serves as the on-site lead for the Assessment and Authorization team, responsible for the team tasking, deliverables, and managing project artifacts. - Perform all ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and AR 25-2. … Direct experience with providing expert support, analysis and research in Intelligence Community (IC) and DoD Risk Management Framework (RMF) requirements and processes to support the IC, DoD and Army RMF assessment and authorization processes - Includes experience as a technical SME, Information System Security Officer (ISSO) or Information Security System Engineer (ISSE) on Army Program Of Record (POR)/
the highest level of system security. • Develop and maintain formal documentation, including NSS-specific SOPs and Concept of Operations (CONOPs), to streamline and enhance the authorization process. • Analyze cyber risk indicators stemming from system threats and vulnerabilities and provide detailed cybersecurity risk recommendations in support of NSS continuous monitoring activities. • Research, develop, and implement policies to improve the … effectiveness and efficiency of the security authorization process while minimizing operational impacts on critical NSS systems. • Conduct vulnerability scans, create Body of Evidence (BoE) artifacts, and produce Security Assessment Reports (SARs) to document risk levels and recommended mitigations. • Provide in-depth analysis of cyber threat actor behavior and create detailed white papers to inform DHS NSS of potential … risks and threat trends. • Actively participate in security meetings, including engineering review boards and cybersecurity supply chain risk management (C-SCRM) sessions, to inform and support NSS initiatives. • Develop automated assessment tools and dashboards to support continuous monitoring and ongoing authorization processes, leveraging tools like Splunk, Tenable, and Axonius. Basic Qualifications: • Bachelor's Degree in Information Technology, Cybersecurity
strategy and roadmap, ensuring our security posture meets the requirements of the NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, ISO 27001:2022, and other relevant frameworks. Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations. Policy and Governance: Support and … creation and enforcement of security policies, standards, and procedures. Incident Response: Develop, implement, and manage the security incident response plan. Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team. Essential Requirements: Extensive security leadership: Proven experience (10+ years) in a senior information security role, with significant experience in a CISO or equivalent position within a … sector experience: In-depth knowledge and practical experience with UK healthcare security standards and regulations, including demonstrable expertise with the NHS Data Security and Protection Toolkit (DSPT), Digital Technology Assessment Criteria (DTAC) and NCSC CAF. ISO 27001:2022 implementation & maintenance: Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System
BA1, Bath, Bath and North East Somerset, Somerset, United Kingdom
YT Technologies
strategy and roadmap, ensuring our security posture meets the requirements of the NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, ISO 27001:2022, and other relevant frameworks. Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations. Policy and Governance: Support and … creation and enforcement of security policies, standards, and procedures. Incident Response: Develop, implement, and manage the security incident response plan. Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team. Essential Requirements: Extensive security leadership: Proven experience (10+ years) in a senior information security role, with significant experience in a CISO or equivalent position within a … sector experience: In-depth knowledge and practical experience with UK healthcare security standards and regulations, including demonstrable expertise with the NHS Data Security and Protection Toolkit (DSPT), Digital Technology Assessment Criteria (DTAC) and NCSC CAF. ISO 27001:2022 implementation & maintenance: Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System
Corsham, Wiltshire, England, United Kingdom Hybrid / WFH Options
i3Secure
and private sector clients where required. At the Consultant level, you will be working with clients to deliver a range of GRC projects that could range from a single risk assessment to the development of a full ISMS to assuring clients gain accreditation in accordance with the appropriate standards on highly complex programmes of work. Delivery of client … engagements to support governance, risk and compliance against a range of cyber security regulations, frameworks and standards, including ISO 27001, NIST Regulations, CAF and secure by design. Staying on top of the latest developments within Cyber Security & Information Assurance by attending training and conferences. Working with the leadership and sales team to respond to tenders and provide pre-sales … you: Experience: Security assurance, working with JSP440, JSP604 Security accreditation Secure by design Implementing security standards and frameworks, such as ISO 27001, NIST 800 and CAF Conducting Cyber Security risk assessments and managing risk management activities Good knowledge of IT systems covering traditional infrastructure, cloud platforms and SaaS Working within an operational security role or security management/
Oliver James is proud to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance. Overview Oliver … James is proud to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance. Based in the … a competitive base salary of up to £120,000, with a total compensation package reaching £155,000 through exceptional benefits and annual/loyalty bonuses. Key Responsibilities Third-Party Risk Management: Lead and own the third-party vendor risk assessment process across a portfolio of 100-120 vendors. Review and validate vendor security documentation (e.g., SOC
functional teams (Product Engineering, DevSecOps, Regulatory, Quality) to integrate security into the product lifecycle. Define security requirements and controls based on specific use cases and threat models. Perform regular risk analyses to evaluate security threats and vulnerabilities, prioritizing uncontrolled risks with potential impacts on patient safety. Perform Security Risk Management activities to address identified vulnerabilities and security design … issues, including regular review and assessment of risk against CVEs. Establish automated processes for vulnerability scanning and remediation. Educate the development and leadership teams on securing products, remote connectivity solutions, and their operating environments. Collaborate with Program Management and Regulatory teams to provide security input for audits and FDA submissions. Maintain current knowledge of FDA and other regulatory … systems. Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents. Work with DevSecOps and Software Engineers to review code static analysis and third-party software assessment reports. Required Education and Experience: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related engineering equivalent. Minimum of 8 - 12 years of professional experience in product
months Central Government experience in the last 5 years is strongly preferred. As an Aker Lead Security Architect, you will be a recognised subject matter expert in security, risk management and compliance with demonstrable experience in highly regulated industries, specifically UK Government and/or Defence. You will build effective working relationships with delivery team members and Aker customers … testing (e.g. ITHC) of solutions on the public cloud (Azure, AWS, GCP), cloud native platforms (Docker, Kubernetes, etc.), and Software as a Service (SaaS) solutions. Formulate HMG Information Assurance Risk Assessment and Risk Treatment Plans. Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, implementing security standards such as ISO 27000 series, NIST … CSF, and CSA. Identify and deliver appropriate controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud native threats. Provide oversight and guidance on government security procedures and processes. Continually evaluate new threats in the cloud, to identify the impact on IT and the business to develop and
We are seeking a Fully Qualified Navy Validator IV (FQNV4) to support Navy cybersecurity compliance and Risk Management Framework (RMF) activities. This role serves as an independent third-party assessor responsible for validating system security controls and ensuring compliance with Navy and DoD cybersecurity standards. Candidate must possess a Fully Qualified Validator Certificate issued by the Navy Certification Authority … Bachelor's Degree in Computer Science from an accredited institution Target Experience: Minimum of 10 years professional experience in: RMF package development Cybersecurity Workforce (CSWF)-related work Validation and assessment of information systems Certification Requirements: CSWF/DOD IAM Level III 8570 Certification (at least one of the following): CAP CASP+ CE CISM CISSP (or Associate) GSLC CCISO HCISPP … Clearance Requirements SECRET clearance Key Responsibilities: Validation & Assessment Perform independent third-party validation of system security controls Prepare and execute validation test procedures, plans, and reports (CDRL A012, A007) Ensure separation of duties between ISSM and Validator roles Register and maintain listing on the official Navy Qualified Validator registry Support RMF package development and compliance verification Develop Security Assessment
AFB, Honolulu, Hawaii (PACAF Headquarters) Full Time TS/SCI Eligible Position Overview The Senior Security Control Assessor (SCA) supports Pacific Air Forces (PACAF) Headquarters by conducting advanced cybersecurity risk assessments, validation, and authorization activities across the Indo-Pacific theater. This position is critical to ensuring compliance with DoD and Air Force cybersecurity standards while safeguarding mission-critical information … systems. Key Responsibilities • Cybersecurity Assessment & Authorization (A&A): o Execute RMF processes for PACAF systems, ensuring compliance with DoDI 8510.01 and NIST standards. o Validate and document technical and non-technical security controls, supporting system authorizations. • Support to SME SCA: o Provide direct analytical and technical support to the SME SCA in oversight of PACAF-wide cybersecurity authorization efforts. … o Elevate findings, risks, and recommendations to the SME SCA for senior leader decision-making. o Assist in drafting assessment methodologies, reporting templates, and theater-wide risk management strategies. • Mission Assurance & Risk Management: o Identify mission risks and recommend mitigations in alignment with operational priorities. o Support development of risk assessment models that balance mission
For more than a decade, Karthik Consulting has been a reliable and trusted advisor to our Government customers, providing independent and unbiased recommendations and solutions to mitigate risk and help solve IT issues. We bring the innovation, passion, and agility of the commercial sector to meet the unique challenges of this competitive space. Karthik Consulting is seeking Cybersecurity Specialist … program management, strategic support, and analytical services for daily operations at Headquarters, Air Force (HAF). This includes governance, planning, portfolio management, program analysis, solutions implementation planning, performance and risk tracking, IT service coordination, training support, cybersecurity, and Zero Trust and decision support. The emphasis is on translating strategy into schedules, milestones, work breakdown structures (WBS), organizational breakdown structures (OBS … will occur as requested by the government Soft Skills: • Executive communication and briefing skills • Planning and project management • Cooperation and unity of purpose • Flexibility and ongoing education • Task management • Risk assessment and management • Planning, scheduling, and milestone tracking • Analytical thinking and structured problem-solving • Cooperation and unity of purpose across diverse teams • Leadership and team management skills • Adaptability
As directed, the Intelligence Analyst will be required to attend various meetings to support the development of reports, assessments and briefings. As requested, the Intelligence Analyst shall provide preliminary assessment reports and daily/weekly/monthly updates on data submittals related to the review of the sensitive intelligence information. The Intelligence Analyst will also be involved with the … applicable regulations, guidance, and directives, to include: - Evaluation of intelligence and data related to foreign persons who may have links to counterintelligence or other national security threats; - Targeting analysis; - Risk assessment; - Threat assessment; - Mapping of data and GEOINT analysis; - Open Source/social media exploitation; - Use of analytical IT tools (query, link, visualization, etc.); - Data analysis (reactive
to work at Hurlburt Field AFB, FL. A United States Citizenship and an active TS/SCI DoD Security Clearance is required to be considered for this position. Performs assessment and authorization coordination. Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with … DODI 8510.01 and ICD 503. The duties of this task include assessing network compliance against controls listed in NIST 800-53 and creating A&A packages. Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program. The Contractor shall execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations and … security and standards. The end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities. Advise on network and system risks, risk mitigation courses of action, and operational. Additionally, the Cybersecurity Systems Analyst should be able to perform security evaluations and vulnerability assessments using the DOD Assured Compliance Assessment Solution (ACAS
City of London, London, United Kingdom Hybrid / WFH Options
EML
by curiosity, and focused on doing things better every day. At EML, you won’t be asked to fit in — we’ll help you stand out. The Team The Risk & Compliance team at EML believes in rolling up their sleeves and getting things done. At EML, we don't subscribe to ivory tower compliance – the organisation seeks a hands … on leader who will engage across the organisation and understand the practical impacts and outcomes of their work. The Risk & Compliance team at EML is divided into two overarching teams: Country Risk & Compliance – hold broad responsibilities within their countries/regions and where applicable hold designated titles (such as SMF or PCF designations). They are supported in … global team of specialists but maintain ultimate decision-making authority and control via oversight of all parts of programmes and activities that impact on their country/region. Global Risk & Compliance – narrowly focussed specific functions or areas, providing deep subject matter expertise, framework design and execution support and standardisation across the group in the areas of Regulatory Compliance, Risk
london, south east england, united kingdom Hybrid / WFH Options
EML
by curiosity, and focused on doing things better every day. At EML, you won’t be asked to fit in — we’ll help you stand out. The Team The Risk & Compliance team at EML believes in rolling up their sleeves and getting things done. At EML, we don't subscribe to ivory tower compliance – the organisation seeks a hands … on leader who will engage across the organisation and understand the practical impacts and outcomes of their work. The Risk & Compliance team at EML is divided into two overarching teams: Country Risk & Compliance – hold broad responsibilities within their countries/regions and where applicable hold designated titles (such as SMF or PCF designations). They are supported in … global team of specialists but maintain ultimate decision-making authority and control via oversight of all parts of programmes and activities that impact on their country/region. Global Risk & Compliance – narrowly focussed specific functions or areas, providing deep subject matter expertise, framework design and execution support and standardisation across the group in the areas of Regulatory Compliance, Risk
london (city of london), south east england, united kingdom Hybrid / WFH Options
EML
by curiosity, and focused on doing things better every day. At EML, you won’t be asked to fit in — we’ll help you stand out. The Team The Risk & Compliance team at EML believes in rolling up their sleeves and getting things done. At EML, we don't subscribe to ivory tower compliance – the organisation seeks a hands … on leader who will engage across the organisation and understand the practical impacts and outcomes of their work. The Risk & Compliance team at EML is divided into two overarching teams: Country Risk & Compliance – hold broad responsibilities within their countries/regions and where applicable hold designated titles (such as SMF or PCF designations). They are supported in … global team of specialists but maintain ultimate decision-making authority and control via oversight of all parts of programmes and activities that impact on their country/region. Global Risk & Compliance – narrowly focussed specific functions or areas, providing deep subject matter expertise, framework design and execution support and standardisation across the group in the areas of Regulatory Compliance, Risk
slough, south east england, united kingdom Hybrid / WFH Options
EML
by curiosity, and focused on doing things better every day. At EML, you won’t be asked to fit in — we’ll help you stand out. The Team The Risk & Compliance team at EML believes in rolling up their sleeves and getting things done. At EML, we don't subscribe to ivory tower compliance – the organisation seeks a hands … on leader who will engage across the organisation and understand the practical impacts and outcomes of their work. The Risk & Compliance team at EML is divided into two overarching teams: Country Risk & Compliance – hold broad responsibilities within their countries/regions and where applicable hold designated titles (such as SMF or PCF designations). They are supported in … global team of specialists but maintain ultimate decision-making authority and control via oversight of all parts of programmes and activities that impact on their country/region. Global Risk & Compliance – narrowly focussed specific functions or areas, providing deep subject matter expertise, framework design and execution support and standardisation across the group in the areas of Regulatory Compliance, Risk
in moving to the beautiful county of Derbyshire, we can provide a generous relocation package of up to £8,000 and the key duties are: Provide psychiatric assessments, including assessment of risk to self and others. Manage patients under the care of the CAMHS Crisis and Liaison pathway including risk assessment and management. Liaison with community
insights, and identify opportunities to integrate improvements and new features into the user flow and product roadmap. Advocate for user needs while balancing business requirements and technical feasibility. Innovation & Risk Management: Drive innovation by identifying emerging technologies and trends that may affect the product landscape. Proactively manage product risks, ensuring that potential roadblocks are identified and mitigated early in … and innovative approach to overcoming product challenges and seizing new opportunities. Data-Driven Decision Making: Comfortable with data analysis and making decisions based on KPIs, metrics, and performance analytics. Risk Management: Experience in risk assessment and mitigation strategies, ensuring smooth product delivery and minimizing potential disruptions. About S&P Global Ratings S&P Global Ratings is the … securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide. S&P Global Ratings is a division of S&P Global (NYSE: SPGI
IT Governance Officer The successful candidate will serve as the subject matter expert on the IT operational risk assessment, controls and governance (“IT GRC”). Sitting within the IT team and acting as the first line of defence, you will closely partner with internal IT teams, Business OPC, Central IT OPC and other control functions to strengthen IT … operational processes. Key experience required IT Operational Permanent Control (OPC) Assessment Group Cybersecurity Assessment IT Audits Client Due Diligence Questionnaire and Security clauses The successful candidate will have strong and relevant experience in IT governance and operational risk management in a similar sized organisation. Knowledge of external certifications and the ability to audit the organisation’s conformance