Senior Cybersecurity Risk Management Analyst
Company: Evolver Federal
Location: Springfield
Posted on: February 21, 2026
Job Description:
Evolver Federal is seeking a Senior Cybersecurity Risk Management Analyst to support its Federal client in Springfield, VA in managing a portfolio of systems participating in Ongoing Authorization/Continuous ATO. This role will ensure compliance with established guidance and processes for Ongoing Authorization (OA), including but not limited to: developing and reviewing security documentation in support of the OA process and compiling related security packages for submission, validating control sets for testing, conducting internal compliance reviews of assigned systems' processes, and developing compliance reports covering all areas of risk and compliance.

The successful candidate will have previous experience managing a Federal Government Ongoing Authorization Program, or previous experience as an ISSO with assigned systems participating in an Ongoing Authorization/Continuous ATO Program. The candidate will also have experience with FISMA metrics and in reviewing and analyzing data output from scanning tools to identify risks and trends at the enterprise level in support of continuous monitoring, and to drive remediation efforts.

Responsibilities:
- Provide security SME-level input to working groups to improve FISMA metrics and continuous monitoring processes.
- Advise on architectural requirements for system/network security, Active Directory, application integration, and system hierarchy.
- Analyze data from continuous monitoring, configuration, vulnerability, asset, and software management tool output to identify security trends and risks.
- Support risk mitigation through performance analysis and anomaly detection.
- Guide System Team stakeholders on OA processes and ensure compliance with the OA Methodology.
- Perform document reviews for all security documentation in support of initial authorization, reauthorization, and ongoing Security Authorization packages, as well as compile and prepare authorization packages.
- Conduct monthly reviews and annual assessments of OA systems.
- Validate system control assessment test plans and ensure control testing is in alignment with OA assessment frequency requirements.
- Organize and lead monthly Organizational Risk Management Board (ORMB) meetings, including preparing and distributing meeting minutes.
- Develop, maintain, and make recommendations for enhancing Cybersecurity Policies.
- Develop, update, and maintain Standard Operating Procedures (SOPs) and make recommendations for new processes and/or SOPs needed to mature and improve Government Programs.
- Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support OA/Continuous ATO.
- Communicate clearly with system owners, developers, and executive leadership on cybersecurity, risk, and compliance topics, including providing recommendations on system and network security architecture, Active Directory integration, and application security.
- Coordinate, schedule, develop agendas for, and facilitate meetings for large governance groups and working groups comprised of all levels of government and contractor stakeholders.
- Perform other duties as assigned by the Government.
- Ability to work efficiently and effectively in a dynamic and fast-paced environment.

Basic Qualifications:
- 8 years of related experience with a Bachelor's Degree, or 10 years of overall related experience in a relevant field.
- 5 years of experience with NIST 800-37; this experience may span a subset, or all, of the steps within the Risk Management Framework.
- 3 years of experience in a DHS environment.
- 1 year of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government, to include evaluating and validating security control implementation.
- Must have a current Active Secret clearance.
- 3 years of experience with NIST SP 800-53 and 800-37.
- 3 years of experience with DHS 4300A/B.
- 1 year of experience with FISMA metrics and security compliance.
- 3 years of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
- 3 years of experience with government GRC tools such as Archer, IACS, CSAM, etc.
- 5 years' experience managing/supporting cybersecurity architecture and governance.
- Must have previous client-engagement experience.

Preferred Qualifications:
- 2 years of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government, to include evaluating and validating security control implementation.
- 5 years of experience as an Information System Security Officer (ISSO) in, or in support of, the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
- 3 years of experience as an Information System Security Officer (ISSO) in, or in support of, the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
- Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with a diverse group of government and contractor stakeholders at various levels within the organization, including developing and maintaining agendas, meeting notes, and meeting records, and maintaining a repository of all meeting records.
- Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
- Ability to clearly communicate complex technical concepts to Information Technology Project Managers, ISSOs, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
- Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
- Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
- Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem-solve under pressure of deadlines and resource constraints.
- Possess strong analytical and critical thinking skills with the ability to apply them to the client/contract workspace.
- Excellent organizational skills and attention to detail.
- Strong analytical, critical thinking, and problem-solving skills.

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

Actual salary will depend on factors such as skills, qualifications, experience, market, and work location. Evolver Federal offers competitive benefits, including health, dental, and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.

Job Posted by ApplicantPro