What are the responsibilities and job description for the Senior Information Security Risk & Compliance Analyst position at Apexon?
Job Details
Senior Information Security Risk & Compliance Analyst
Location: Onsite Virginia
< data-start="187" data-end="211">Job Overview:We are seeking a highly skilled Senior Information Security Risk & Compliance Analyst to join our team in Virginia. The ideal candidate will have extensive experience in NIST Risk Management Framework (RMF), security compliance, vulnerability assessment, and Windows server platform management. This role requires expertise in security assessments, risk analysis, and compliance reporting to ensure adherence to federal security regulations, including NIST Special Publications, FIPS, and FedRAMP.
< data-start="734" data-end="766">Key Responsibilities:- Utilize NIST RMF to assess security controls, identify gaps, and measure control effectiveness.
- Ensure compliance with NIST 800 Special Publications, Federal Information Processing Standards (FIPS), and FedRAMP.
- Develop and maintain Security Authorization & Assessment (SA&A) documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Risk Assessments.
- Conduct Security Impact Assessments, Authorization Packages, and Risk Mitigation Strategies.
- Perform vulnerability assessments using security tools such as Nessus and Nexpose, and implement remediation strategies.
- Track and report on Plans of Action and Milestones (POAMs) to closure.
- Coordinate third-party risk assessments and IT audits to ensure compliance with internal security policies.
- Manage remediation efforts and report on the status of control deficiencies.
- Support global information security metrics, reporting programs, and policy enforcement.
- Provide security expertise to business units and key stakeholders.
Bachelor s degree in Computer Science, Engineering, or a related field with a focus on Information Security.
10 years of experience in Information Security.
5 years of experience in building and managing Windows server platforms.
Expertise in NIST Risk Management Framework (RMF) for risk assessments, compliance, and security documentation.
Strong understanding of federal security regulations (NIST 800, FIPS, FedRAMP).
Experience with security scanners (Nessus, Nexpose, etc.) and vulnerability remediation.
Ability to conduct risk assessments, security impact evaluations, and compliance audits.
Knowledge of IT security best practices, risk mitigation strategies, and security authorization processes.
Experience in cloud security (AWS, Azure, FedRAMP-compliant systems).
Certifications such as CISSP, CISM, CISA, Security , or CEH.
Experience with security frameworks and compliance tools.
If you meet the qualifications and are passionate about cybersecurity, risk management, and compliance, we encourage you to apply!