Enterprise Risk Analyst

American Management Group, LLC (AMG)

Manassass, Virginia

JOB DETAILS
JOB TYPE
Full-time
SKILLS
Accidental Death and Dismemberment (AD&D), Analysis Skills, Automation Systems, CompTIA Security+, Computer Science, Federal Contracts, Fitness, Home Automation, Information Technology & Information Systems, Insurance, Internet Security, Internet of Things, Mathematics, Medical Equipment, Microsoft Excel, Microsoft Visio, Network Connectivity, Network Security, Physical Security, Risk, Risk Analysis, Risk Management, System Operations, Systems Analysis, Technology Analysis
LOCATION
Manassass, Virginia
POSTED
Today

Position Title: Enterprise Risk Analyst

The experienced Risk Analyst role executes the VA Enterprise Risk Analysis process using a custom ERA tool to identify key cyber security risk factors in network connected medical devices and Special Purpose Systems (e.g., building automation systems, physical security systems, operational technology). These risk factors are summarized, evaluated, and reported using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network. The Risk Analyst must acquire, review and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor/manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware/software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings and mechanisms for a given device type. The Risk Analyst performs annual reviews to support effective continuous monitoring and to ensure documented residual risks are current, accurate, and complete. The analyst works within a Risk Management team and is expected to collaborate with Federal and contractor team mates to achieve best outcomes for the ERA process.

 

You Have:

  • Experience with Cybersecurity, risk management, or risk assessment for complex systems

  • Experience with NIST SP 800-53 and NIST SP 800-30

  • Experience with documenting and depicting network topology and network protocols

  • Ability to engage directly with clients, and third parties to facilitate enterprise risk analysis

  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements

  • Bachelor’s degree in Computer Science, Mathematics, Engineering or technical discipline and 10 years of relevant work experience or 18 years of relevant work experience in lieu of degree

Nice If You Have:

  • Experience with cybersecurity analysis of medical technology or Internet of Things (IoT)

  • Experience with Governance, Risk, and Compliance (GRC)

  • Experience with Assessment and Authorization (A&A) and eMASS

  • Experience with Excel and Visio

  • CompTIA Security+ or Certified Risk Management Professional (CRISC) or Certified in Risk and Information Systems Control (CRISC)

  • Public Trust clearance

    The hourly rate of pay for this position is $64.47/hr
    Benefits: PTO, Medical/Dental/Vision plan, Life and AD&D insurance, 401K Plan

    We are an Equal Opportunity Employer:
    We do not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, age, disability, genetic information or any other characteristics protected by law. 
    This organization participates in E-Verify.

    #DICE

About the Company

A

American Management Group, LLC (AMG)