EnterpriseRiskAnalyst

Enterprise Risk Analyst **The Opportunity****:** As an experienced Risk Analyst, you will execute the VA Enterprise Risk Analysis (ERA) process using a custom ERA tool to identify key cybersecurity risk factors in network connected devices. These risk factors are summarized, evaluated, and reported using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network. You must acquire, review, and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor or manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware and software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings, and mechanisms for a given device type. Work within a Risk Management team to achieve best outcomes for the ERA process. Join us. The world can’t wait. **You Have:** * Experience with cybersecurity, risk management, or risk assessment for complex systems * Experience with NIST SP 800-53 and NIST SP 800-30 * Experience documenting and depicting network topology and network protocols * Ability to engage directly with clients and third parties to facilitate enterprise risk analysis * Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements * Bachelor's degree in Computer Science, Engineering, or Mathematics and 10+ years of experience in information analysis, or 18+ years of experience in information analysis in lieu of a degree **Nice If You Have:** * Experience with cybersecurity analysis of medical technology or Internet of Things (IoT) * Experience with Governance, Risk, and Compliance (GRC) * Experience with Assessment and Authorization (A&A) and eMASS * Experience with Excel and Visio * Public