ZipRecruiter

Log In

1

Cyber Security Risk Assessment Jobs in Virginia (NOW HIRING)

Analygence

Cybersecurity Assessment Lead

Virginia Beach, VA · On-site

$98K - $133K/yr

The Cybersecurity Assessment Lead serves as the senior assessor overseeing cybersecurity assessment activities supporting Risk Management Framework (RMF) authorization processes for customer networks ...

Analygence

Cybersecurity Assessment Lead

Virginia Beach, VA

$98K - $133K/yr

The Cybersecurity Assessment Lead serves as the senior assessor overseeing cybersecurity assessment activities supporting Risk Management Framework (RMF) authorization processes for customer networks ...

System One Holdings, LLC

Risk Analyst

Merrifield, VA · On-site

... assessment activities with service provider. o Coordinate and prepare documentation, internal communications, and status updates. Requirements: • Experience in cybersecurity risk analysis • ...

RPI Group

Senior Cybersecurity Engineer

Dahlgren, VA · On-site

Develop cybersecurity risk assessment analysis and risk mitigation plans for combat systems * Develop documentation of cybersecurity requirements, gap analysis, threat analysis, system engineering ...

next page

Showing results 1-20

People also search for

All JobsCyber Security Risk Assessment JobsCyber Security Risk Assessment Jobs in Virginia

Cyber Security Risk Assessment information

See Virginia salary details

$56.5K

$131.8K

$184.4K

How much do cyber security risk assessment jobs pay per year?

As of Jun 11, 2026, the average yearly pay for cyber security risk assessment in Virginia is $131,822.00, according to ZipRecruiter salary data. Most workers in this role earn between $110,000.00 and $148,700.00 per year, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Cyber security professionals, especially those in senior roles such as security architects or chief information security officers, can earn $500,000 or more annually, often through a combination of base salary, bonuses, and stock options. Achieving this level typically requires extensive experience, advanced certifications like CISSP or CISM, and working in high-demand industries or organizations with complex security needs.

What are the key skills and qualifications needed to thrive in Cyber Security Risk Assessment, and why are they important?

To excel in Cyber Security Risk Assessment, you need a solid understanding of information security principles, risk management frameworks, and often a degree in cybersecurity, IT, or related fields. Familiarity with tools like vulnerability scanners, SIEM systems, and certifications such as CISSP or CISM are commonly required. Analytical thinking, attention to detail, and strong communication skills help professionals effectively assess risks and convey findings to stakeholders. These skills are crucial for identifying vulnerabilities, prioritizing threats, and ensuring the organization’s data and systems are adequately protected.

What is the role of risk assessment in cyber security?

In cyber security, a risk assessment is a process that identifies, evaluates, and prioritizes potential threats and vulnerabilities to an organization's information systems. It helps security professionals, such as cyber security risk assessors, determine where to allocate resources and implement controls to reduce the likelihood and impact of cyber threats. Conducting regular risk assessments is essential for maintaining an effective security posture and complying with industry standards and regulations.

What is the difference between Cyber Security Risk Assessment vs Cyber Security Analyst?

AspectCyber Security Risk AssessmentCyber Security Analyst
Primary FocusIdentifying and evaluating security risks and vulnerabilitiesMonitoring, analyzing, and responding to security threats
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment teams, consulting firms, security departmentsSecurity operations centers, IT departments, incident response teams

While both roles require similar certifications and work within cybersecurity, a Cyber Security Risk Assessment focuses on evaluating potential vulnerabilities and risks to an organization’s assets. In contrast, a Cyber Security Analyst actively monitors and responds to security threats, ensuring ongoing protection. Understanding these differences helps organizations assign the right responsibilities to each role.

Is SOC analyst a high paying job?

SOC analysts typically earn competitive salaries that increase with experience, certifications, and the size of the organization. Entry-level positions may start at average wages, while experienced analysts with certifications like CISSP or CEH can earn higher salaries, making it a financially rewarding cybersecurity role.

What are some common challenges faced by professionals conducting cyber security risk assessments?

Professionals in cyber security risk assessment often face challenges such as keeping up with rapidly evolving threats, effectively communicating technical risks to non-technical stakeholders, and ensuring comprehensive coverage across complex IT environments. Balancing thoroughness with tight deadlines can also be demanding, as assessments must be both detailed and timely. Collaborating with various departments to gather accurate information and maintain up-to-date asset inventories is crucial for effective risk analysis and mitigation.

What is a cyber security risk assessment?

A cyber security risk assessment is a process used to identify, evaluate, and prioritize potential threats and vulnerabilities that could negatively impact an organization's information systems. By analyzing assets, threats, vulnerabilities, and impacts, organizations can determine the likelihood and consequences of cyber incidents. The goal is to implement appropriate measures to reduce risks to acceptable levels, ensuring data protection and regulatory compliance. Regular risk assessments help organizations stay ahead of evolving cyber threats and make informed security decisions.

What is the 80 20 rule in cyber security?

In cyber security risk assessment, the 80/20 rule suggests that approximately 80% of security issues are caused by 20% of vulnerabilities or threats. Security professionals focus on identifying and mitigating the most critical risks to efficiently improve overall security posture.
What are popular job titles related to Cyber Security Risk Assessment jobs in Virginia? For Cyber Security Risk Assessment jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Cyber Security Risk Assessment jobs in Virginia look for? The top searched job categories for Cyber Security Risk Assessment jobs in Virginia are:
What cities in Virginia are hiring for Cyber Security Risk Assessment jobs? Cities in Virginia with the most Cyber Security Risk Assessment job openings:
Cyber Security Risk Assessment jobs near you
Infographic showing various Cyber Security Risk Assessment job openings in Virginia as of June 2026, with employment types broken down into 1% As Needed, 82% Full Time, 13% Part Time, and 4% Contract. Highlights an 91% Physical, 4% Hybrid, and 5% Remote job distribution, with an average salary of $131,822 per year, or $63.4 per hour.
Cybersecurity Assessment Lead

Cybersecurity Assessment Lead

Analygence

Virginia Beach, VA • On-site

$98K - $133K/yr

Full-time

Posted 26 days ago

Job description

Description
Tharros is seeking a Cybersecurity Assessment Lead for an upcoming program supporting a US Navy customer located at NAS Oceana. The Cybersecurity Assessment Lead serves as the senior assessor overseeing cybersecurity assessment activities supporting Risk Management Framework (RMF) authorization processes for customer networks and training systems.
This position leads independent security control validation activities, ensures RMF packages are complete and compliant, and provides cybersecurity risk analysis to the Government Security Control Assessor (SCA) and Authorizing Official (AO). The Assessment Lead provides technical direction and quality oversight for cybersecurity assessment personnel supporting RMF validation and continuous monitoring activities.
  • Lead cybersecurity assessment teams supporting RMF authorization activities across all performance locations.
  • Perform or oversee independent security control assessments for DoD information systems.
  • Validate implementation of required NIST 800-53 security controls.
  • Support Security Control Assessors (SCA) in evaluating residual cybersecurity risk.
  • Provide technical leadership and quality oversight for cybersecurity assessors supporting RMF validation efforts.

  • RMF Assessment Support
    • Lead RMF assessment activities in accordance with DoD and Department of the Navy cybersecurity requirements. Conduct or oversee independent verification and validation of implemented security controls, including initial authorization assessments and periodic reassessments. Analyze testing results and provide cybersecurity risk assessments to the Government SCA and Authorizing Official.
  • RMF Package Development and Reporting
    • Oversee preparation and delivery of RMF artifacts including:
    • Security Assessment Plans (SAP)
    • Security Assessment Reports (SAR)
    • Risk Assessment Reports (RAR)
    • System Security Plans (SSP)
    • Continuous Monitoring Strategies
    • Plans of Action & Milestones (POA&M)
    • Ensure cybersecurity artifacts are properly documented and maintained within the Enterprise Mission Assurance Support Service (eMASS) system.

Requirements
  • A Minimum 10 years of cybersecurity experience, including significant experience supporting Risk Management Framework (RMF) assessment and authorization activities for DoD or Navy systems.
  • Active Top Secret DoD Clearance.
  • Demonstrated experience leading cybersecurity assessments or validation teams supporting DoD RMF authorization processes.
  • Experience supporting Security Control Assessors (SCA) or equivalent cybersecurity assessment authorities.
  • Demonstrated experience performing or leading security control assessments, system authorization support, and cybersecurity risk evaluations in accordance with:
    • NIST SP 800-37
    • NIST SP 800-53
    • DoD RMF
    • DoN RMF Process Guide
  • Expert knowledge of DoD RMF and the DoN RMF Process Guide.
  • Experience using eMASS for RMF package preparation and maintenance.
  • Knowledge of CNSSI 1253 and ICD 503 cybersecurity requirements.
  • Strong leadership and team management capabilities.
  • Ability to provide cybersecurity risk analysis to senior Government stakeholders.
  • Strong technical writing skills for cybersecurity assessment documentation.
  • Familiarity with Navy network architecture and training system environments.

Apply