ZipRecruiter

Log In

1

Cyber Risk Assessment Jobs in Virginia (NOW HIRING)

Technomics Inc

Cyber Risk Analyst SME

Arlington, VA ยท On-site

This role involves conducting on-site and remote cyber risk assessments, developing mitigation strategies, and enabling proactive enterprise risk identification. The ideal candidate has deep ...

Technomics

Cyber Risk Analyst SME

Arlington, VA ยท On-site +1

This role involves conducting on-site and remote cyber risk assessments, developing mitigation strategies, and enabling proactive enterprise risk identification. The ideal candidate has deep ...

Capital One

Sr. Manager, Tech & Cyber Risk

Mclean, VA ยท On-site

Act as the end-to-end tech and cyber risk partner for senior technology executives, providing comprehensive support to engineering organizations while driving the strategic vision for risk assessment ...

Capital One

Manager, Cyber Risk & Analysis

Mclean, VA ยท On-site

Manager, Cyber Risk & Analysis As a Manager, you will apply your technical expertise, risk ... Lead risk assessments for technology change initiatives, ensuring non-compliance areas are ...

Beyond SOF

Cyber Risk Analyst (TS/SCI)

Reston, VA

Cyber Risk Analyst (TS/SCI) Reston, VA, USA Full-time Clearance: Top Secret/SCI Summary: Warnings ... You'll get technical, environmental, and personnel details from engineers and SMEs to assess the ...

Beyond SOF

Cyber Risk Analyst (TS/SCI)

Reston, VA ยท On-site

Cyber Risk Analyst (TS/SCI) Reston, VA, USA Full-time Clearance: Top Secret/SCI Summary: Warnings ... You'll get technical, environmental, and personnel details from engineers and SMEs to assess the ...

next page

Showing results 1-20

All JobsCyber Risk Assessment JobsCyber Risk Assessment Jobs in Virginia

Cyber Risk Assessment information

What is the difference between Cyber Risk Assessment vs Cyber Security Analyst?

AspectCyber Risk AssessmentCyber Security Analyst
Primary FocusIdentifying and evaluating cybersecurity risks and vulnerabilitiesMonitoring, detecting, and responding to security threats
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentRisk management teams, consulting firms, security departmentsSecurity operations centers, IT departments, incident response teams
ResponsibilitiesRisk analysis, vulnerability assessments, complianceThreat detection, incident response, security monitoring

While both roles involve cybersecurity, Cyber Risk Assessments focus on evaluating potential risks and vulnerabilities to inform security strategies, whereas Cyber Security Analysts actively monitor and respond to ongoing security threats. Understanding these differences helps organizations assign the right roles for comprehensive cybersecurity management.

What is a cyber risk assessment?

A cyber risk assessment is a process used to identify, evaluate, and prioritize potential threats and vulnerabilities in an organization's information systems. It helps organizations understand the potential impact of cyber threats and determine the likelihood of such events occurring. By conducting a cyber risk assessment, businesses can implement appropriate security controls and strategies to mitigate risks, comply with regulatory requirements, and protect sensitive data from cyberattacks. Regular assessments are essential to adapt to evolving threats and maintain a strong cybersecurity posture.

What are some common challenges faced by professionals in Cyber Risk Assessment, and how can they be addressed?

Professionals in Cyber Risk Assessment often encounter challenges such as rapidly evolving threat landscapes, keeping up with regulatory changes, and ensuring clear communication of technical risks to non-technical stakeholders. To address these, staying current with industry trends through continuous learning, leveraging robust risk assessment frameworks, and developing strong communication skills are essential. Additionally, collaborating closely with IT, compliance, and business units helps ensure comprehensive and effective risk management.

What are the key skills and qualifications needed to thrive as a Cyber Risk Assessor, and why are they important?

To thrive as a Cyber Risk Assessor, you need a strong understanding of cybersecurity principles, risk management frameworks, and relevant regulations, often backed by a degree in information security or related certifications like CISSP or CISA. Familiarity with security assessment tools, vulnerability scanners, and risk analysis platforms is typically required. Analytical thinking, attention to detail, and effective communication are vital soft skills for accurately identifying threats and conveying risks to stakeholders. These skills and qualities are crucial for protecting organizational assets and ensuring compliance in an evolving threat landscape.

Can you make $500,000 a year in cyber security?

Cyber Risk Assessment professionals with extensive experience, advanced certifications, and specialized skills can potentially earn salaries approaching or exceeding $500,000 annually, especially in senior or executive roles. Achieving this level often requires a combination of technical expertise, leadership responsibilities, and working in high-demand industries or organizations. However, such salaries are not typical for entry- or mid-level positions in cybersecurity.
What are popular job titles related to Cyber Risk Assessment jobs in Virginia? For Cyber Risk Assessment jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Assessment jobs in Virginia look for? The top searched job categories for Cyber Risk Assessment jobs in Virginia are:
What cities in Virginia are hiring for Cyber Risk Assessment jobs? Cities in Virginia with the most Cyber Risk Assessment job openings:
Cyber Risk Assessment jobs near you
Infographic showing various Cyber Risk Assessment job openings in Virginia as of May 2026, with employment types broken down into 82% Full Time, 16% Part Time, and 2% Contract. Highlights an 87% Physical, 5% Hybrid, and 8% Remote job distribution.
Cyber Risk Analyst SME

Cyber Risk Analyst SME

Technomics Inc

Arlington, VA โ€ข On-site

Full-time

Posted 14 days ago

Job description

Technomics is a growing employee-owned, decision analytics company that specializes in cost and economic analysis to facilitate better decisions faster. We enable a wide range of clients across the Federal government, from senior level policy makers to program managers, to choose smartly, buy effectively and operate efficiently. We deliver practical, credible and defensible results offering actionable insights by applying data-driven and analytics-based approaches in combination with multidisciplinary talent, subject matter experts, and tangible and repeatable assets in the form of databases, models, approaches and techniques.
Senior Analystshave the knowledge, skills, abilities and initiative to deliver timely, practical and innovative solutions to our clients as part of high-performing project teams typically composed of a mix of junior and mid-level analysts who will look to you for technical acumen and mentoring.
Our employee-owners pride themselves on their ability to apply deep analytical rigor and innovative thought that assist clients in understanding and solving a myriad of challenging resource planning and management problems.
This position may be located in Arlington, VA (Headquarters), Washington D.C., Pentagon, Springfield, VA., Chantilly, VA., Tysons Corner, VA.
Description:
We are seeking a Cyber Risk Analyst (SME-level). This role involves conducting on-site and remote cyber risk assessments, developing mitigation strategies, and enabling proactive enterprise risk identification.
The ideal candidate has deep experience with NIST SP 800-30, MITRE ATT&CK, and threat modeling approaches, and can translate technical risks into mission/business impacts. You will work alongside cybersecurity, OT, and systems engineering SMEs, creating task plans, presenting findings, and traveling to client sites for mission assessments.
We are looking for someone who is agile, creative, and collaborative - able to apply lessons learned, enable data tagging and structured knowledge capture, and help shift the organization from reactive responses toward proactive risk management.
Clearance Required: Active DOE Q or higher (or ability to obtain)
Key Responsibilities:
  • Serve as a Subject Matter Expert (SME) in cyber risk assessment, analysis, and mitigation strategies for critical missions.
  • Conduct on-site and remote cyber risk assessments of enterprise systems, applications, and mission-critical infrastructures.
  • Apply NIST SP 800-30 risk assessment methodology, threat modeling techniques, and frameworks such as MITRE ATT&CK to evaluate vulnerabilities, threats, and risks.
  • Develop and present risk characterization reports, mitigation considerations, and recommendations to client leadership and system owners.
  • Create and manage task plans, assessment schedules, and execution strategies to ensure effective delivery of assessment activities.
  • Collaborate with multi-disciplinary teams of SMEs (cybersecurity, systems engineering, OT, supply chain, and mission assurance) to address enterprise risks.
  • Support the identification, analysis, and validation of complex security risks and associated vulnerabilities, including both technical and operational impacts.
  • Assist in the development of threat-informed mitigation strategies aligned with client enterprise assurance goals.
  • Implement data tagging and structured knowledge capture to enable proactive risk identification, trend analysis, and lessons-learned reuse.
  • Build analytic processes that leverage historical assessment data, external threat databases, and adversary TTPs to anticipate potential risks rather than solely reacting to identified vulnerabilities.
  • Provide expert consultation on risk acceptance, mitigation prioritization, and remediation planning to stakeholders.
  • Maintain awareness of emerging threats, vulnerabilities, adversary tactics, and best practices for defense in depth across the nuclear enterprise.

Required Qualifications:
  • 10+ years of experience in cybersecurity risk assessment, vulnerability analysis, or cyber mission assurance.
  • Deep knowledge of NIST SP 800-30, NIST Risk Management Framework (RMF), and related federal standards.
  • Hands-on experience with threat modeling approaches and application of MITRE ATT&CK for risk evaluation.
  • Demonstrated ability to conduct complex cyber risk assessments and present findings to executive and technical audiences.
  • Proven ability to develop task plans, manage assessment milestones, and work independently or as part of a team.
  • Strong writing and briefing skills to produce risk reports, mitigation strategies, and decision support artifacts.

Preferred Qualifications:
  • Experience supporting national security organizations.
  • Familiarity with supply chain risk management (SCRM), insider threat analysis, or mission-critical system assurance.
  • Operational Technology (OT) and Systems Engineering (SE) experience in complex enterprise environments.
  • Knowledge of nuclear enterprise operations and mission dependencies.
  • Technical certifications such as Security+, CISSP, CISM, C-RMA, CAP, CEH, or OSCP.
  • Prior experience briefing and advising SES-level leadership or program executives.
  • Familiarity with tools supporting risk assessments and vulnerability analysis (e.g., Threat Modeling tools).

Work Environment:
  • Hybrid environment with headquarters-based work in D.C. and regular travel to client sites for on-site risk assessments.
  • Fast-paced, collaborative environment with cross-disciplinary SMEs (cybersecurity, engineering, OT, program management, and intelligence).
  • Requires agility, creativity, and strong interpersonal skills to interact effectively with diverse stakeholders across government, contractors, and mission partners.
  • Role demands adaptability to dynamic mission needs, shifting priorities, and classified environments.
  • Emphasis on teamwork, analytical rigor, and the ability to translate technical risks into mission/business impacts.

Technomics is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to protected status under applicable law, including disability and protected veteran status.

Apply