user avatar

Cybersecurity Risk Management Analyst

Cherokee Federal

Posted today

Job Requirements

Remote
Public Trust Polygraph Unspecified
Career Level not specified
$140,000 - $150,000

Job Description

Cybersecurity Risk Management Analyst

The Cybersecurity Risk Management Analyst provides advanced Governance, Risk, and Compliance (GRC) support for federal information systems in accordance with the Federal Information Security Modernization Act (FISMA) and the NIST Risk Management Framework (RMF). This role is responsible for managing Assessment & Authorization (A&A) activities, supporting external service authorizations, conducting cybersecurity risk assessments, and maintaining continuous monitoring efforts to ensure compliance with federal cybersecurity requirements.

The position requires strong analytical, documentation, and stakeholder engagement skills while working collaboratively with federal system owners, Information System Security Officers (ISSOs), Cloud Service Providers, and executive leadership to maintain secure and compliant federal systems.

Compensation & Benefits

Estimated Starting Salary Range Cybersecurity Risk Management Analyst- $140,000 - $150,000

Pay commensurate with experience.

Full-time benefits include Medical, Dental, Vision, 401(k), paid time off, and other company-sponsored benefits as provided. Benefits are subject to change with or without notice.Cybersecurity Risk Management Analyst

Assessment & Authorization (A&A)
  • Manage the full lifecycle of Risk Management Framework (RMF) activities in accordance with NIST Special Publication 800-37.
  • Develop, review, and maintain security authorization documentation including:
    • System Security Plans (SSPs)
    • Security Assessment Plans (SAPs)
    • Security Assessment Reports (SARs)
    • Plans of Action and Milestones (POA&Ms)
  • Review and evaluate FedRAMP authorization packages and package updates supporting cloud service authorization decisions.
  • Monitor Authorization to Operate (ATO) packages within the FedRAMP Secure Repository.
  • Coordinate with system owners, ISSOs, Cloud Service Providers, and security stakeholders regarding system changes and authorization activities.
  • Validate implementation of NIST SP 800-53 Rev. 5 security controls, including inherited and agency-implemented controls.
  • Conduct cybersecurity risk assessments utilizing NIST SP 800-30 methodologies.
  • Provide risk analysis and recommendations to Authorizing Officials and senior leadership.
  • Support continuous monitoring by reviewing vulnerability scans, managing POA&Ms, and coordinating remediation activities.

Governance, Risk & Compliance (GRC)
  • Peer review cybersecurity policies, standards, procedures, and implementation guidance.
  • Perform regulatory and policy analysis to ensure alignment with federal cybersecurity requirements.
  • Conduct compliance gap analyses and recommend remediation strategies.
  • Assist in developing security control overlays, baseline updates, and control tailoring guidance.
  • Provide cybersecurity governance subject matter expertise.
  • Support enterprise reporting, cybersecurity metrics, and compliance dashboards utilizing ServiceNow.


Compliance & Oversight Support
  • Support FISMA reporting activities.
  • Prepare documentation for internal and external audits and oversight reviews.
  • Assist with responses to oversight inquiries and corrective action tracking.
  • Perform quality assurance reviews of cybersecurity documentation.
  • Perform other job-related duties as assigned.


Cybersecurity Risk Management Analyst Experience, Education, Skills, & Abilities Requested

Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Public Policy, or related discipline (or equivalent experience).
  • Professional cybersecurity certification such as:
    • CISSP
    • CISM
    • CAP
  • Minimum seven (7) years of progressive cybersecurity experience.
  • Minimum four (4) years supporting federal Risk Management Framework (RMF) and Assessment & Authorization (A&A) programs.
  • Demonstrated experience implementing the NIST Risk Management Framework.
  • Strong working knowledge of:
    • Federal Risk and Authorization Management Program (FedRAMP)
    • NIST Special Publication 800-53 Revision 5
    • Federal Information Security Modernization Act (FISMA)
    • Federal Zero Trust Strategy (OMB M-22-09)
  • Experience supporting Moderate and/or High Impact federal information systems.
  • Familiarity with federal cloud security requirements and FedRAMP-authorized cloud environments.
  • Proficiency with Microsoft Office 365 applications.
  • Excellent written and verbal communication skills.
  • Ability to communicate effectively with technical teams and executive leadership.
  • Active Public Trust clearance or the ability to obtain and maintain one.

Preferred Qualifications
  • Experience using ServiceNow, CSAM, or comparable GRC platforms.
  • Experience with Atlassian Confluence and JIRA.
  • Experience supporting enterprise cybersecurity policy development.
  • Familiarity with Responsible AI guidance applicable to federal agencies, including Executive Order 13960, OMB M-25-21, and OMB M-25-22.
  • Experience supporting federal research or grant-management systems.


Core Competencies
  • Federal Cybersecurity Governance
  • Risk Assessment & Analysis
  • Policy Development
  • Regulatory Interpretation
  • Technical Documentation
  • Quality Assurance
  • Stakeholder Engagement
  • Analytical Problem Solving


Work Environment
  • Full-time remote position.
  • Supports Cherokee Federal's cybersecurity contract with the U.S. National Science Foundation (NSF).
  • Reports to the Cybersecurity Oversight and Compliance Lead.
  • Works within a structured federal compliance environment.
  • Collaborates with system owners, security personnel, program offices, and senior stakeholders.
  • Supports ongoing authorization activities, governance initiatives, and periodic oversight reviews.

Must pass pre-employment qualifications of Cherokee Federal.

Company Information

Criterion Systems LLC is part of Cherokee Federal-the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner supporting more than 60 federal clients, Criterion delivers innovative technology, cybersecurity, and mission support solutions that help federal agencies solve complex challenges and accomplish critical missions.

Cherokee Federal is a military-friendly employer. Veterans and active military transitioning to civilian careers are encouraged to apply.

#CherokeeFederal #LI-SM2 #AppC

Similar Searchable Job Titles
  • Cybersecurity RMF Analyst
  • Cybersecurity GRC Analyst
  • Information Security Risk Analyst
  • Cybersecurity Compliance Analyst
  • Information Assurance Analyst
  • RMF Security Analyst
  • FedRAMP Security Analyst
  • Cyber Risk Analyst


Keywords
  • NIST Risk Management Framework (RMF)
  • NIST SP 800-53 Rev. 5
  • NIST SP 800-37
  • NIST SP 800-30
  • FedRAMP
  • FISMA
  • Assessment & Authorization (A&A)
  • Authorization to Operate (ATO)
  • System Security Plan (SSP)
  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • Plans of Action & Milestones (POA&M)
  • Governance, Risk & Compliance (GRC)


Legal Disclaimer Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, Accommodation request, and Presidential EO 14042 Notice.
group id: 10215765F

Who We Are

job ad image
Find Cherokee Federal on Social Media
Recruiters
user avatar
About Us
At Cherokee Federal, we’re always looking for top talent who share our values and who believe in making a difference. We manage nearly 1,000 federal projects of all sizes, from aerospace manufacturing and health sciences to technological innovations and consulting services.

Cherokee Federal has a team of 3,000+ employees with the technical skills and entrepreneurial drive focused on building next-generation technologies, solving complex challenges and serving more than 60 federal agencies globally.

We offer a comprehensive benefits package that reflects the importance of the services we provide our federal customers, including competitive salary, retirement, health and wellness and more. Join our team and make an immediate impact!
job ad2 image

Cherokee Federal Jobs


Job Category
IT - Security
Clearance Level
Public Trust