Cybersecurity Risk Analyst (Remote)

Koniag IT Systems, LLC

Job ID 2350021

Koniag IT Systems, LLC, a Koniag Government Services company, is seeking an experienced Cybersecurity Risk Analyst to support KITS and our government customer. This is a remote opportunity.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more. **

Position Overview:**

KGS has an immediate need for a Senior Risk Analyst with the ability to review and analyze risks within the agency, provide feedback and ultimately “treatment” solutions at our client, USDA. The Sr. Risk Analyst will have a strong skillset for gathering and analyzing data within the security boundaries at USDA and ability to incorporate a compliance/governance viewpoint to solve the problem. Additionally, the Sr. Risk Analyst should have a strong background in risk analysis to be able to navigate the agency to find answers and provide recommendations. This role receives assignments and reports directly to the Team Lead supporting USDA Governance Services Division (GSD) Security Compliance Services Branch (SCSB). The position is integral to our success at USDA and providing our client with the most organized and professional team members to meet their expectations. **

Essential Functions, Responsibilities & Duties may include, but are not limited to:**

• Support the development and maintenance of the risk management program at USDA.
• Participate in consultation to execute the program components.
• Conducts systems security evaluations, audits, and reviews. Gathers and analyzes findings, organizes documentation, consults with systems users, and develops recommendations used to identify and define systems security requirements and assists in risk mitigations.
• Analyzes findings and develops and presents recommendations on methods to prevent security incidents and ensure systems reliability.
• Evaluates the effectiveness of existing programs. Identifies new processes, techniques, and procedures to upgrade and enhance security protocols for full compliance of the operating systems.
• Identifies need for system changes based on new security technologies or threats; reviews proposed new systems, networks, and software designs for potential security risks; and develops long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities.
• Participates on project teams to implement systems security programs and to integrate IT security with other disciplines. Ensures coordination and/or collaboration on security activities.
• Conducts risk assessments to identify areas of potential vulnerability in operating systems used throughout the organization.
• Monitors application of approved security procedures by systems users for CEC's compliance with information security requirements across IT programs. Adapts program guidelines to align with emerging or changing technologies.
• Consults with other IT Specialists to make authoritative recommendations on strategies and policies that govern implementation of security and reliability procedures throughout the organization. Establishes, implements, and interprets requirements for CEC's compliance with higher level policy directives and Executive orders governing the operating systems.
• Develops, recommends, and assists with implementation of approved security contingency plans, incident response plans, and disaster recovery procedures.
• Assesses the agency's compliance with infrastructure protection requirements across IT programs and refining program guidelines to align with emerging or changing technologies.
• Serves as a liaison to identify, write, and implement organizational security compliance planning, processes, and procedures, responsible for the collection, analysis, review, documentation, and communication to leadership of these requirements for highly complex IT systems and their security.
• Collaborates with SCSB management by identifying challenges and opportunities; identifies and assists with implementing actions plans and solutions.
• Stays up to date on knowledge and research related to over 200 applicable security compliance laws, regulations, policies, and authorities: providing complex evaluations and gap analysis.
• Recommends process improvements that result in increased quality of CEC security compliance services for CEC and CEC Customers.
• Protects Customers and employees by incorporating security and compliance in all decisions and daily job responsibilities; follows security policies and procedures; continuously identifies and recommends opportunities for improving security for CEC systems.
• Evaluates current processes documentation to determine gaps providing gap analysis.
• Documents and evaluates current and to-be-transitioned processes including flow chart, value stream maps, performance metrics, systems, and tools to optimize quality of security compliance information system metrics.
• Acts as the liaison between management and relevant stakeholders to help them determine appropriate synergies and document dependencies, dates, schedules, project owners and linkages that are critical for the success of the customer transition and transformation activities.
• Establishes, fosters, and maintains effective working relationships with senior leadership, subject matter experts, and the USDA Information System Security Program community.
• Experienced in effective motivational and written and verbal communications.
• Provides complex expert technical advice, guidance, and recommendations to management and other technical specialists on compliance with CEC's security program, monitoring, and improvement of its security posture.

Work Experience, Knowledge, Skills & Abilities:

• Bachelor’s degree in information security, Cyber Security, or related field. Will consider professional experience in lieu of education.
• A minimum of 5 years of experience in risk management, auditing or an internal control's role is required.
• Experience with risk management frameworks, methodologies, and tools.
• Must be able to quickly analyze a large collection of data, then create reports and determine results.
• Ability to quickly analyze data and collaborate with key stakeholders to make decisions.
• Must be able to communicate clearly and effectively with clients and team members at all levels.
• Must be able to organize and manage individual time to complete all projects.
• Excellent interpersonal, written, and oral communication skills
• Ability to work in a team as well as independently, in a fast-paced, multi-tasking, global environment.
• Candidate must be able to pass a USDA Background Investigation for the position. Secret Clearance or higher is preferred.

Leadership

• Displays a positive attitude.
• Demonstrates flexibility in day-to-day work.
• Sets high standards of performance for oneself.
• Proactive with internal and external teams to stay abreast of the needs for each requirement.

Teamwork

• Establishes harmonious working relationships with team members.
• Appreciates each team member's contributions and values each individual member.
• Experience communicating through Microsoft Teams or a similar platform.
• Ability to jump in and support other team members as workloads shift throughout the year.

Client Management

• Values internal and external clients and responds in a timely manner.
• Establishes effective working relationship with clients.
• Follow established communication guidelines.
• Uses good judgment in what and how to communicate with clients.

Preferred Qualifications And Skills

• Mastery of, and skill in applying, advanced IT security principles, concepts, methods, standards, and practices sufficient to accomplish assignments such as providing expert technical advice, guidance, and recommendations to management and other technical specialists on critical IT issues and making decisions or recommendations that significantly influence important agency IT policies or programs.
• Mastery of, and skill in applying IT systems security principles, concepts, and methods sufficient to develop long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities for other agencies and customers.
• Comprehensive knowledge of department and agency Risk Management Framework, Disaster Recovery, and Contingency Planning with a thorough understanding of USDA and NIST compliance requirements from the Office of the Inspector General (OIG), Government Accountability Office, Office of Management and Budget and Office of the Chief Financial Officer
• Expert analytical skills to apply a wide range of qualitative and/or quantitative methods for the assessment of IT security needs, resource prioritization, and program direction.
• Understanding of IT/Security Infrastructure audit controls a plus.
• Strong Governance, Risk & Compliance background desired.
• Programming language highly preferred to help automate some of the functionality (Python and/or SQL)
• Factor Analysis of Information Risk certification desired (must be willing to obtain this certification within 6-9 months of start date) – www.fairinstitute.org

Working Environment & Conditions

This job operates in a professional office environment and has a noise level of mostly low to moderate. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. This position is primarily indoors, consistent with a standard office position and has a noise level of mostly low to moderate. The incumbent is required to stand, walk; sit; use hands to finger, handle, or feel objects, tools, or controls; reach with hands and arms; talk and hear. The workload may require the incumbent to sit for extended periods of time. The incumbent must be able to read, do simple math calculations and withstand moderate amounts of stress. The incumbent must occasionally lift and/or move up to 25 lbs. Specific vision abilities required by the job include close vision, distance vision, color vision, depth perception, and the ability to adjust focus. **

Our Equal Employment Opportunity Policy**

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, sex, sexual orientation, gender, or gender identity (except where gender is a bona fide occupational qualification), national origin, age, disability, military/veteran status, marital status, genetic information, or any other factor protected by law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits and all other privileges, terms, and conditions of employment.

The company is dedicated to seeking all qualified applicants. If you require accommodation to navigate or to apply to a position on our website, please contact Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.

Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com. **

Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352**

Medical Insurance Vision Insurance Dental Insurance 401k Disability Maternity Tuition Assistance