Cybersecurity Analyst - Governance, Risk, and Compliance with Security Clearance

---

Job description

Riverside Overview Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country's most challenging technical problems. All Riverside Research opportunities require U.S. Citizenship. Position Overview Riverside Research is seeking a Cybersecurity Governance, Risk and Compliance (GRC) Analyst for the company's corporate enterprise information systems. The individual is responsible for supporting the development, assessment, and execution of security controls aimed at minimizing risk exposure and meeting corporate and regulatory security requirements. As a member of the enterprise team, the individual will have exposure to a broad array of emerging and dynamic technologies necessary to keep Riverside Research on the leading edge of our customers' needs. This Riverside Research opportunity requires U.S. Citizenship. The position is based in Beavercreek, OH with a hybrid schedule. Live or relocate to a commutable distance to Beavercreek,Ohio and surrounding areas. Responsibilities Conduct security control design assessments
Conduct recurring operating effectiveness audits to identify potential control failures
Support root cause analyses for control failures and provide recommendations for improvement
Contribute updates to relevant System Security Plans (SSP)
Maintain GRC platform deficiency registers
Support operational control processes and user requests for support
Maintain systems of record for exemptions to policy
Contribute to security and risk impact analysis for information technology components and services
Develop system compliance artifacts & body of evidence (BOE)
Contribute to corporate policy and procedure development
Contribute to enterprise security awareness and training
Support corporate incident response processes Qualifications Bachelor's degree in an information technology or cybersecurity related field with five (5) years relevant experience
Working experience with IT or cybersecurity risk & control frameworks (CMMC, NIST CSF, NIST RMF, PCI-DSS, FedRAMP, CSA STAR, ISO 27000 series, etc.)
Ability to demonstrate understanding of relationships between data sensitivity and security control selection, design, implementation, and evaluation
Knowledge of modern enterprise-scale IT environments
Security control assessment and/or audit experience
Excellent written, verbal, and inter-personal communications skills
Proficient in delivering on multiple priorities simultaneously
Innovative self-starter with strong analytical, problem-solving, and organization skills
Ability to work independently with minimal direction
Desired Qualifications: Master's degree in an information technology or cybersecurity related field
Industry-recognized cybersecurity or information security certifications (CASP, Sec+, CISSP, CCSP)
Technical audit experience
Experience in regulated industries (i.e. Defense, Finance, Healthcare, Telecommunications)
Familiarity with FAR/DFARS requirements pertaining FCI, CDI, CUI, & CMMC
Familiarity with Windows and Linux Operating system management in an enterprise context
Understanding of enterprise authentication methods (AD, EntraID, ADFS, SAML)
Understanding of cloud service and deployment models and shared responsibilities
Working knowledge of cloud technologies (Azure, AWS, Google Cloud, etc.)
Prior system administrator or network administrator experience
Ability to obtain and maintain Secret Security Clearance Global Comp $104,000 - $149,000 This represents the typical compensation range for this position based on experience, location and other factors. Closing Statement Riverside Research Institute is a not-for-profit, technology-oriented defense company, where service to our customers and support of our staff is our overall mission. Riverside is an affirmative action-equal opportunity employer and complies with all applicable federal, state, and local laws regarding recruitment and hiring. Riverside offers comprehensive compensation and benefit packages to our employees.
Riverside bases its employment decisions solely on technical experience, qualifications and other job-related criteria related to our organizational purpose as a not-for-profit company, and without regard to race, color, religion, age, sex marital status, sexual orientation, national origin, physical or mental disability, veteran's status or any other status legally protected by applicable federal, state, and local law.

<!– job description page –>