Cybersecurity Analyst

Cybersecurity Analyst - Governance, Risk, and Compliance Location US-OH-Beavercreek ID 2024-3560 Category Information Security Department Position Type Full Time Salary Riverside Overview Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country's most challenging technical problems. All Riverside Research opportunities require U.S. Citizenship. Position Overview Riverside Research is seeking a Cybersecurity Governance, Risk and Compliance (GRC) Analyst for the company's corporate enterprise information systems. The individual is responsible for supporting the development, assessment, and execution of security controls aimed at minimizing risk exposure and meeting corporate and regulatory security requirements. As a member of the enterprise team, the individual will have exposure to a broad array of emerging and dynamic technologies necessary to keep Riverside Research on the leading edge of our customers' needs. This Riverside Research opportunity requires U.S. Citizenship. The position is based in Beavercreek, OH with a hybrid schedule. Live or relocate to a commutable distance to Beavercreek, Ohio and surrounding areas. Responsibilities Conduct security control design assessments Conduct recurring operating effectiveness audits to identify potential control failures Support root cause analyses for control failures and provide recommendations for improvement Contribute updates to relevant System Security Plans (SSP) Maintain GRC platform deficiency registers Support operational control processes and user requests for support Maintain systems of record for exemptions to policy Contribute to security and risk impact analysis for information technology components and services Develop system compliance artifacts & body of evidence (BOE) Contribute to corporate policy and procedure development Contribute to enterprise security awareness and training Support corporate incident response processes Qualifications Bachelor's degree in an information technology or cybersecurity related field with five (5) years relevant experience Working experience with IT or cybersecurity risk & control frameworks (CMMC, NIST CSF, NIST RMF, PCI-DSS, FedRAMP, CSA STAR, ISO 27000 series, etc.) Ability to demonstrate understanding of relationships between data sensitivity and security control selection, design, implementation, and evaluation Knowledge of modern enterprise-scale IT environments Security control assessment and/or audit experience Excellent written, verbal, and inter-personal communications skills Proficient in delivering on multiple priorities simultaneously Innovative self-starter with strong analytical, problem-solving, and organization skills Ability to work independently with minimal direction Desired Qualifications: Master's degree in an information technology or cybersecurity related field Industry-recognized cybersecurity or information security certifications (CASP, Sec+, CISSP, CCSP) Technical audit experience Experience in regulated industries (i.e. Defense, Finance, Healthcare, Telecommunications) Familiarity with FAR/DFARS requirements pertaining FCI, CDI, CUI, & CMMC Familiarity with Windows and Linux Operating system management in an enterprise context Understanding of enterprise authentication methods (AD, EntraID, ADFS, SAML) Understanding of cloud service and deployment models and shared responsibilities Working knowledge of cloud technologies (Azure, AWS, Google Cloud, etc.) Prior system administrator or net