Risk Management Analyst

Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate data and cyber security risks. Identify, assess, and mitigate risks that could affect the organization's ability to achieve its business objectives. Work closely with various departments to analyze risks, develop strategies, and enhance the organization's risk management framework.
Essential Duties and Responsibilities:

Supports the formal Security Test and Evaluation (ST E) through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
Involved in the establishment of strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
Assists with defining security objectives and system-level performance requirements.
Conduct risk assessments and develop risk profiles to inform decision-making processes.
Collaborate with stakeholders to develop and implement risk mitigation strategies and action plans.
Prepare and present risk management reports to senior management and relevant stakeholders.
Facilitate risk awareness training sessions and promote a risk-aware culture within the organization.
Assist in the development of risk management policies and procedures.

Qualifications:


Bachelor's degree in information security or a related field.
Approximately 5 years of experience in risk management, Information Security, or a related discipline.
Strong analytical and problem-solving skills with attention to detail.
Proficient in risk assessment methodologies and tools.
Excellent communication and interpersonal skills, with the ability to convey complex information clearly.
Proficiency in Microsoft Office Suite (Excel, PowerPoint, Word) and risk management software.
Professional certification in risk management (e.g., CRISC, CRCM, ARM) is a plus.
Knowledge, Skills, and Abilities

Knowledge of NIST 800 series of publications and controls
Understand the Security Test and Evaluation (ST E) process and controls implementation
Ability to evaluate security systems hardening standards in accordance to STIG and CIS benchmarks
Other Job Specific Skills

Must be able to communicate effectively and clearly present technical approaches and findings.
Exercises a limited degree of latitude in determining technical objectives of assignments.
Excellent attention to detail.
Must be able to balance multiple tasks simultaneously.

Disclaimers
Compensation Ranges
Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.
EEO Requirements
It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.
All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.
Physical Requirements
The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.
Disclaimer
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.