Junior Cybersecurity Business Analyst (Controls Assessor)

Aspis Consulting is hiring a full-time Junior Cybersecurity Business Analyst (Controls Assessor) position to join our growing team. This position will be responsible for working on internal company projects as well as with clients of Aspis. You will be asked to support both our company and client information security needs. This is not a full-time remote position; candidates must be able to work at the company's offices or client job site in the Kansas City, Missouri metropolitan area. Relocation assistance will not be provided.

💡 Key Responsibilities

As a Junior Cybersecurity Business Analyst, you will work closely under the supervision of a Team Lead or Mid/Senior Cybersecurity Business Analyst to support security assessment and authorization (A&A) activities, including:

• Assisting with the review and assessment of cybersecurity controls (aligned to NIST SP 800-53 and 800-171 frameworks)

• Supporting the collection, organization, and tracking of security documentation and evidence

• Helping schedule and coordinate security tasks, reviews, and assessments across project stakeholders

• Preparing draft security artifacts, reports, and minor updates to System Security Plans (SSPs), Risk Assessment Reports, and Plan of Actions and Milestones (POA&Ms)

• Reporting status of ongoing tasks and tracking security-related requests and baselines

• Participating in control testing, data gathering, and compliance gap analysis efforts

• Learning and applying federal cybersecurity policies and best practices under the guidance of more senior analysts

🎓 Minimum Qualifications

• Bachelor’s degree (BS or BA) in Cybersecurity, Information Technology, Business, or a related field

• 2-3 years of relevant experience in cybersecurity, risk management, compliance, or IT auditing

• Familiarity with security controls assessment methodologies, such as RMF or NIST 800-53/800-171

• Strong attention to detail, communication skills, and ability to manage tasks across multiple workstreams

• Must be able to work as part of a collaborative, fast-paced team supporting federal security requirements

✅ Preferred (but not required):

• Exposure to eMASS, Xacta, or similar compliance platforms

• Security or similar entry-level cybersecurity certification

• Understanding of FISMA or FedRAMP standards

About Us

Aspis Consulting makes enterprise cybersecurity solutions and professional services accessible to all sizes of organizations from small to medium-sized businesses to large Fortune 500 enterprises; non-profits; and municipal, state, and federal government agencies. We are one of the fastest growing companies in the midwest, an award winning small business, a Certified HUBZone Small Business, Certified LGBTBE, and Certified Virginia Values Veterans company. Our Values are Integrity, Community, and Diversity. https://aspis.consulting

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by law. We will consider for employment qualified applicants with criminal histories consistent with applicable law.