Risk Management Framework Analyst- Mid Level

A leader in cutting-edge research and technology in the cyber arena, CPMG focuses on using business drivers to guide cybersecurity activities and manage risk. CPMG offers flexible, integrative solutions for Department of Defense (DoD) contractors, among others, and specializes in cybersecurity, information and operational technology, electronic security surveillance, and support services.

Summary:

The Risk Management Framework Analyst- Mid Level will support the Facility Related Control Systems (FRCS) CP Marine Team Lead at Fort Huachuca. The Mid-Level Analyst will act as a subject matter expert (SME) for Federal Authority to Operation (ATO) for the Utility Management and Control System (UMCS) and Enterprise Energy Data Reporting System (EEDRS), provides sound advice and recommendations to lower risk and improve the overall defensive posture.

Essential Job Functions:

• Assist in performing risk and vulnerability assessments on Army UMCS FRCS and EEDRS systems to identify and mitigate potential security risks. Collaborate with the CP Marine Team Lead and ISEC staff to analyze risks and recommend security measures.
• Conduct risk assessments, vulnerability assessments, and system audits to identify potential security threats to UMCS and EEDRS baseline systems at the ISEC lab at Fort Huachuca. Provide recommendations to mitigate identified risks and ensure compliance with applicable regulations and standards.
• Provide support for and where necessary to create security documentation as required in support of obtaining Authority to Operate (ATO) approvals of UMCS and EEDRS systems
• Analyze and report on security findings identified during assessment
• Create Plan of Action & Milestones (POAMs) for identified security control findings.
• Evaluate security control implementations for all UMCS and EEDRS baseline system boundaries on an annual basis.
• Act as the primary eMASS editor for all UMCS baselines, working in close coordination with the ISEC staff and CP Marine team on site.
• Strong understanding of Tenable Security Center, Nessus Scanners, and Agent configurations.
• Skilled in analyzing and reporting scan data for vulnerability management.
• Perform other duties as assigned.

Necessary Skills and Knowledge:

• Excellent communication and interpersonal skills.
• Ability to work collaboratively in a team environment and lead initiatives.
• Strong analytical and problem-solving skills.
• Excellent quality control skills, absolutely minimizing errors in eMASS records.

Minimum Qualifications:

• Must possess a Bachelor Degree cybersecurity, computer science, informational technology, or related fields; additional (4) four years of experience may be substituted for a degree.
• Minimum 5 years of experience in managing the inventory, categorization, selecting and monitoring security controls for the information systems in preparation of the ATO and/or RMF process for new and existing systems.
• Experienced in implementing NIST guidance related to the Risk Management Framework and supporting Plan of Action and Milestone (POAMs) review. Must have experience also in conducting interviews with application and system developers to document system operations surrounding security controls.
• Minimum of four (4) years of cybersecurity experience.
• US citizen
• Must have a Secret clearance.

Preferred Qualifications:

• Certifications: Security+ or other relevant certifications are highly desired.

Pay and Benefits
At Goldbelt, we value and reward our team's dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience. As an employee, you'll enjoy a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) plan with company matching, tax-deferred savings options, supplementary benefits, paid time off, and professional development opportunities.