Senior Information Security Risk & Compliance Analyst

Senior Information Security Risk & Compliance Analyst

Location: Onsite Virginia

< data-start="187" data-end="211">Job Overview:

We are seeking a highly skilled Senior Information Security Risk & Compliance Analyst to join our team in Virginia. The ideal candidate will have extensive experience in NIST Risk Management Framework (RMF), security compliance, vulnerability assessment, and Windows server platform management. This role requires expertise in security assessments, risk analysis, and compliance reporting to ensure adherence to federal security regulations, including NIST Special Publications, FIPS, and FedRAMP.

< data-start="734" data-end="766">Key Responsibilities:

• Utilize NIST RMF to assess security controls, identify gaps, and measure control effectiveness.
• Ensure compliance with NIST 800 Special Publications, Federal Information Processing Standards (FIPS), and FedRAMP.
• Develop and maintain Security Authorization & Assessment (SA&A) documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Risk Assessments.
• Conduct Security Impact Assessments, Authorization Packages, and Risk Mitigation Strategies.
• Perform vulnerability assessments using security tools such as Nessus and Nexpose, and implement remediation strategies.
• Track and report on Plans of Action and Milestones (POAMs) to closure.
• Coordinate third-party risk assessments and IT audits to ensure compliance with internal security policies.
• Manage remediation efforts and report on the status of control deficiencies.
• Support global information security metrics, reporting programs, and policy enforcement.
• Provide security expertise to business units and key stakeholders.

< data-start="1867" data-end="1902">Required Qualifications:

Bachelor s degree in Computer Science, Engineering, or a related field with a focus on Information Security.
10 years of experience in Information Security.
5 years of experience in building and managing Windows server platforms.
Expertise in NIST Risk Management Framework (RMF) for risk assessments, compliance, and security documentation.
Strong understanding of federal security regulations (NIST 800, FIPS, FedRAMP).
Experience with security scanners (Nessus, Nexpose, etc.) and vulnerability remediation.
Ability to conduct risk assessments, security impact evaluations, and compliance audits.
Knowledge of IT security best practices, risk mitigation strategies, and security authorization processes.

< data-start="2689" data-end="2725">Preferred Qualifications:

Experience in cloud security (AWS, Azure, FedRAMP-compliant systems).
Certifications such as CISSP, CISM, CISA, Security , or CEH.
Experience with security frameworks and compliance tools.

If you meet the qualifications and are passionate about cybersecurity, risk management, and compliance, we encourage you to apply!

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.