Enterprise Risk Analyst-Cybersecurity/NIST

About Huntridge Labs Overview Huntridge Labs is a digital engineering company focused on delivering modern solutions for public benefit that are backed by emerging technologies. Mission over Margin We value serving the client mission over everything else. We believe there are too many public sector-focused firms in this industry that are distracted by their bottom line, forcing their customers and the public take a back seat. We started Huntridge Labs to be better. We are here to benefit the general public by helping the government solve critical technology challenges. We Do Not Settle for Mediocrity Our philosophy is "A's hire A's." As such, we hire top talent into every position. We roll up our sleeves to solve our industry’s toughest challenges, which requires incredibly talented people at our side. We offer one of the best benefits packages in the industry to prove our commitment to attracting and retaining the best talent. We also understand that our company may not be for everyone. Every new employee is subject to a 90-day probationary period. If this is not a good fit, we may decide to part ways. We will make sure you are taken care of financially until you can find a new role. About You Regardless of the role you are applying for, you will be a great fit in Huntridge Labs if this describes you: You are a top performer in your current role You are radically collaborative and transparent with your peers, clients, and leadership You enjoy succeeding as a team You love solving problems and trying new things You hate bureaucracy, red tape, and wasteful processes When you see something that's broken, you fix it "That's not my job" doesn't exist in your vocabulary If you do not meet the qualifications listed below, but believe you are fully capable of doing this job, please apply anyway. About the role Core Hours: 9am-5pm EST The experienced Risk Analyst. The role executes the VA Enterprise Risk Analysis process using a custom ERA tool to identify key cyber security risk factors in network connected medical devices and Special Purpose Systems (e.g., building automation systems, physical security systems, operational technology). These risk factors are summarized, evaluated, and reported using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network. What you'll do Risk Analyst must acquire, review and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor/manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware/software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings and mechanisms for a given device type. The analyst works within the Specialized Device Cybersecurity Department Risk Management team and is expected to collaborate with Federal and contractor team mates to achieve best outcomes for the ERA process .Qualifications Experience with Cybersecurity, risk management, or risk assessment for complex systems Experience with NIST SP 800-53 and NIST SP 800-30 Experience with documenting and depicting network topology and network protocols Ability to engage directly with clients, and third parties to facilitate enterprise risk analysis Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements Bachelor's degree in computer science, Electronics Engineering, or technical equivalent and 10 years of professional experience or a total of 18 years in lieu of education Nice If You Have: Experience with cybersecurity analysis of medical technology or Internet of Things (IoT) Experience with Governance, Risk, and Compliance (GRC) Experience with Assessment and Authorization (A&A) and eMASS Experience with Excel and Visio CompTIA Security+ or Certified Risk Management Professional (CRISC) or Certified in Risk and Information Systems Control (CRISC) Public Trust clearance Salary range-$90k-$110k Apply tot his job