HimalayasHimalayas logo
CF

Cybersecurity Risk Management Analyst

Cherokee Federal

Salary: 95k-105k USD

United States only

Stay safe on Himalayas

Never send money to companies. Jobs on Himalayas will never require payment from applicants.

Cybersecurity Risk Management Analyst

Cherokee Federal is seeking a Cybersecurity Risk Management Analyst to support its contract with the U.S. National Science Foundation. This role supports Assessment and Authorization (A&A) and broader risk management activities within a federal Governance, Risk, and Compliance (GRC) program. The analyst supports system authorization efforts, risk analysis, and ongoing compliance in alignment with federal cybersecurity requirements.

The Cybersecurity Risk Management Analyst will be part of the Oversight and Compliance Team, which includes policy, A&A, continuity planning, privacy, training, and Security-Focused Configuration Management (SecCM) functions. This role works collaboratively with system owners, ISSOs, and technical teams to assess controls, evaluate risk, and contribute to a holistic view of organizational cybersecurity risk.

Compensation & Benefits: $95,000- $105,000

Estimated Starting Salary Range for Cybersecurity Risk Management Analyst:

Pay commensurate with experience.

Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

Cybersecurity Risk Management Analyst Responsibilities Include:

  • Create, manage, maintain, and improve NSF A&A documentation and processes (e.g., SSPs, SARs, POA&Ms, security inventories, PTAs, PIAs, and internal reports to management), ensuring completeness, accuracy, and alignment with NIST RMF (SP 800-37, SP 800-53 Rev. 5) and NSF standards.
  • Perform control assessments by analyzing technical, procedural, and operational evidence; document results and support risk determinations, POA&M management, and ongoing authorization activities.
  • Collaborate with system owners, ISSOs, and engineers to gather artifacts, validate control implementations, and maintain authorization packages across the system lifecycle.
  • Conduct cybersecurity assessments and develop a continuous monitoring plan for cloud services in compliance with FedRAMP and other federal requirements.
  • Evaluate External Services (e.g., SaaS, PaaS, IaaS) for inclusion within authorization boundaries by reviewing service documentation, analyzing controls, and documenting risks, dependencies, and shared responsibility models; review authorization packages from FedRAMP to assess applicability and identify gaps.
  • Support continuous monitoring and SecCM activities by analyzing vulnerability and configuration data (e.g., scan results), validating remediation actions, and identifying trends or systemic risks across systems.
  • Customize DISA STIGs and CIS Benchmarks to create and maintain standardized “gold” audit files for systems in use at NSF; leverage Tenable Security Center to support the Security-Focused Configuration Management process.
  • Contribute to broader risk management efforts, including identifying cross-system or program-level risks, supporting audit and compliance activities (e.g., OIG), and incorporating findings from assessments, incidents, and external reviews into risk posture and reporting.
  • Perform peer reviews of A&A artifacts and related documentation to ensure technical accuracy, consistency, and adherence to established standards; contribute to team deliverables and coordination across Cybersecurity Oversight and Compliance functions.
  • Performs other job-related duties as assigned

Cybersecurity Risk Management Analyst Experience, Education, Skills, Abilities requested:

  • Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
  • 2–5 years of experience in cybersecurity, risk management, or A&A within a federal or regulated environment.

· CompTIA Security+ certification

  • Working knowledge of the NIST Risk Management Framework (RMF) and associated publications (e.g., SP 800-53, SP 800-37, FIPS 199).
  • Experience developing or maintaining A&A documentation (e.g., SSPs, SARs, POA&Ms).
  • Familiarity with External Services assessments and/or FedRAMP authorization concepts.
  • Demonstrated experience contributing to or reviewing at least one complete ATO package (e.g., SSP, SAR, POA&M lifecycle).
  • Proven track record of logical and critical thinking, sophisticated writing skills, superior organizational skills, and excellent planning and time management skills.

· Strong attention to detail

Company Information:

Criterion is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.

#CherokeeFederal #AppC

Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar searchable job titles:

· Cybersecurity Compliance Analyst

· Information Security Risk Analyst

  • Governance, Risk & Compliance (GRC) Analyst
  • Assessment & Authorization (A&A) Analyst

· Cybersecurity RMF Analyst

Keywords:

· NIST RMF

· ATO Documentation

· FedRAMP

· Risk Assessment

· Continuous Monitoring

Legal Disclaimer: All qualified applicants will receive consideration for employment without regard to protected veteran status, disability or any other status protected under applicable federal, state or local law. Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Mid-level

Salary

Salary: 95k-105k USD

Education

Bachelor degree

Experience

2 years minimum

Experience accepted in place of education

Location requirements

United States

Hiring timezones

United States +/- 0 hours

Job categories

Cybersecurity Compliance AnalystInformation Security Risk AnalystGovernanceRisk & Compliance (GRC) AnalystAssessment & Authorization (A&A) AnalystCybersecurity RMF Analyst

Skills

NIST Cybersecurity FrameworkNIST 800 53NIST 800 37FedRAMPAssessment & AuthorizationRisk AnalysisDISA STIGsTenableVulnerability AssessmentCompTIA SecurityCherokeeEvidence

Browse similar jobs

Remote Mid-level Cybersecurity-Compliance-Analyst JobsRemote Full Time Cybersecurity-Compliance-Analyst JobsRemote Mid-level Cybersecurity-Compliance-Analyst Jobs in United StatesRemote Full Time Jobs in United StatesRemote Cybersecurity-Compliance-Analyst Jobs in United States

About Cherokee Federal

Learn more about Cherokee Federal and their company culture.

View company profile
Claim this profileCF

Cherokee Federal

View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

13 remote jobs at Cherokee Federal

Explore the variety of open remote roles at Cherokee Federal, offering flexible work options across multiple disciplines and skill levels.

View all jobs at Cherokee Federal

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan