Risk Management Analyst
Umyuaq Technology is a rapidly growing company primarily focused on providing information technology (IT) support services and personnel to various government customers for extended term contracts. By providing a wide array of professional services and products, we help our customers leverage technology and operate with total confidence in their technology resources' predictability, security, and reliability to meet business objectives. Umyuaq Technology is looking for a qualified Risk Management Analyst to join our team at Fort Lewis, WA in Tacoma, WA.
Purpose & Key Responsibilities of the Role:
This role will provide support in the delivery of proactive 'security by design' consultancy as a cyber and technical security SME by overseeing and supporting the business in identifying appropriate security solutions and ensuring alignment to security policies, standards, and minimum controls (and where applicable, industry standards at a technical level, i.e., CIS). The role holder will ensure that the business adheres to expected minimum requirements and operates within agreed risk appetites for information, data, and cybersecurity concerning IT projects' delivery.
The role holder will assist in proactively identifying, assessing, consulting on and addressing areas of cyber security risk and potential business and customer impact, aligning processes and controls to the Information and Cyber Security framework and internal security management system, identifying and driving continual improvements to the security posture of the group and segments. The role holder will be expected to understand areas of concern and, in conjunction with Government customers, provide advice and recommendations and support resolution or mitigation as required.
- Serves as an internal cyber security consultant to the organization
- Supports the development and maintenance of environment-specific security policies and procedures to ensure they remain aligned with business objectives and meet regulatory requirements.
- Provides support to ensure company processes remain in compliance with security control frameworks and applicable data privacy regulations.
- Maintain operational availability and document all installations and changes to the development networks IAW policies and procedures in the work center.
- Assist the Cyber Risk Manager with the development and maintenance of standard security tests to identify weaknesses in any application and website (internally hosted/managed) security controls, including planning and delivering in-house penetration testing.
- Assist the Cyber Risk Manager in performing Risk Management Framework (RMF) and control assessments (all security domains, with particular focus on technical / IT security), aligning to industry frameworks where possible, of IT change projects, suppliers (new or existing), and processes (concerning applications, infrastructure, and services); report findings, advise on policy and standards requirements (new or revised), and track and coordinate corrective actions.
- Support the delivery of the Group Cyber Security Strategy & roadmap development and progress, along with supporting initiatives where applicable to improve overall cybersecurity posture and reduce risk.
- BS/BA degree in Computer Science or related discipline or equivalent experience in information security governance and related functions (such as IT audit and IT Risk Management)
- One of the following Professional Security Qualifications (for example, Certified Information Systems Security Professional (CISSP) or associate, Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), Certified in Risk and Information Systems Control (CRISC), Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP+CE), GIAC Security Leadership, Certified CISO (CCISO))
- Information security, Data Protection, and Privacy, Information risk management, associated security standards, and control frameworks, e.g., ISO27001, NIST, Cyber Essentials, CIS20, Cloud security, etc.
- Broad knowledge of current / up-to-date technologies in the cybersecurity field.
- Knowledge of information security management frameworks such as AT101 SOC 2, ISO, ITIL, CobiT, NIST
- Knowledge of networking protocols, operating systems, firewalls, Active Directory, and vulnerability scanning tools is highly desired.
- Minimum of two years of experience monitoring the operation of information security controls desired.
- Excellent verbal and written communication skills to develop positive relationships and effectively communicate with employees, customers, auditors, business partners, and all management levels.
- Applicants selected for this position must be able to obtain and maintain a security clearance or access.
- U.S. Citizenship is required.
- Pay Type: Salary
- Madigan Army Medical Center, 9040 Jackson Avenue, Ft Lewis, Washington, United States of America