Risk and Compliance Analyst
Dunhill Professional Search & Government Solutions
Bethesda, MD, US
Full-time
Hybrid Bethesda, MD 2 days per week
US Citizenship Required
We are looking for a motivated Risk and Compliance Analyst to join a team working on a Federal contract. Candidates will specifically need experience with cloud solutions (AWS or Azure).
This is a mostly remote role with one or two days a week onsite as needed.
Job Description:
- Provide Risk Management Framework (RMF) subject matter expertise to the client.
- Experience implementing security controls and compliance with a Cloud Service Provider (CSP), AWS or Azure.
- Support ongoing compliance activities and monitoring efforts across applicable regulations and standards (NIST SP 800-53, FedRAMP).
- Collaborate with cross-functional teams to implement compliance initiatives and security controls
- Monitor and track activities related to control remediation or corrective action.
- Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities, or document risk acceptance.
- Experience with FedRAMP compliance, Cloud systems and the Customer Responsibility Matrix (CRM).
- Coordinate with Authorizing Officials, System Owners, Engineers, ISSOs and other applicable teams to create and update SSPs, SARs, SIAs (Security Impact Analyses) and other applicable documentation for legacy on-prem and Cloud systems.
- Assess and determine the NIST 800-53 Control Status for multiple ATOs.
- Update and maintain POA&Ms and ATO packages in CSAM.
- Ensure assessment and authorization packages are in compliance with Federal government compliance and client requirements.
- On-time submission of contract deliverables with special attention to quality and accuracy.
- Monitor, track, and report on daily, weekly, and monthly team program initiatives.
- Evaluate configuration management (CM) for information system security software, hardware, and firmware.
Other Job Specific Skills:
- Experience and knowledge of NIST SP 800-37, NIST SP 800-53r5, FedRAMP.
- Experience and knowledge of performing risk and vulnerability assessments for the purpose of change management (SIA).
- POA&M management, tracking and reporting.
- Experience with RMF and Cloud authorization processes and procedures.
- Experience with categorization of Federal government systems.
- Experience in policy implementation with a Federal government client.
- Technical writing skills to include SOPs and Control Implementation.