Risk and Compliance Analyst, Dunhill Professional Search & Government Solutions, Bethesda, MD


Dunhill Professional Search & Government Solutions
Bethesda, MD, US

Risk and Compliance Analyst

Job description


Hybrid: Bethesda, MD, 2 days per week

US Citizenship Required



We are looking for a motivated Risk and Compliance Analyst to join a team working on a Federal contract. Specifically, candidates will need experience with cloud solutions (AWS or Azure). This is a mostly remote role with one or two days a week onsite as needed.



Job Description:



  • Provide Risk Management Framework (RMF) subject matter expertise to the client.
  • Experience implementing security controls and compliance with a Cloud Service Provider (CSP), AWS or Azure.
  • Support ongoing compliance activities and monitoring efforts across applicable Regulations and Standards (NIST SP 800-53, FedRAMP).
  • Collaborate with cross-functional teams to implement compliance initiatives and security controls
  • Monitor and track activities related to control remediation or corrective action.
  • Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities, or document risk acceptance
  • Experience with FedRAMP compliance, Cloud systems and the Customer Responsibility Matrix (CRM)
  • Coordinate with Authorizing Officials, System Owners, Engineers, ISSOs and other applicable teams to create and update SSPs, SARs, Security Impact Analyses (SIAs) and other applicable documentation for legacy on-prem and Cloud systems.
  • Assess and determine the NIST 800-53 Control Status for multiple ATOs.
  • Update and maintain POAMs and ATO packages in CSAM
  • Ensure assessment and authorization packages are in compliance with Federal government compliance and client requirements.
  • On-time submission of contract deliverables with special attention to quality and accuracy.
  • Monitor, track, and report on daily, weekly, and monthly team program initiatives.
  • Evaluate configuration management (CM) for information system security software, hardware, and firmware.



Other Job Specific Skills:



  • Experience and knowledge of NIST SP 800-37, NIST SP 800-53r5, FedRAMP
  • Experience and knowledge of performing risk and vulnerability assessments for the purpose of change management (SIA).
  • POAM management, tracking and reporting.
  • Experience with RMF and Cloud authorization processes and procedures.
  • Experience with categorization of Federal government systems.
  • Experience in policy implementation with a Federal government client.
  • Technical writing skills to include SOPs and Control Implementation.


Full-time 2024-06-08