Remote Cyber Security Risk Analyst Jobs (NOW HIRING)

Cybersecurity Certification & Accreditation Analyst Lead

Fully Remote • REMOTE (United States) - Remote, VA 22211

Overview

BMA is seeking a Cybersecurity Certification & Accreditation Analyst Lead to support the DLA JETS Cybersecurity Assessment and Authorization Analyst (CS AAA) Support Services program. This is a fully remote position and contingent on contract award.

Description

BMA is seeking a Cybersecurity Certification and Accreditation (C&A) Analyst to support our DLA Cybersecurity Assessment and Authorization Analyst (CS AAA) Support Services contract. The analyst serves as a cybersecurity Subject Matter Expert (SME) supporting the DLA J6 Cybersecurity Program, providing technical expertise in the authorization of information systems and cybersecurity compliance activities across DLA's enterprise IT and Operational Technology (OT) environments. This role supports the assessment, authorization, and continuous monitoring of information systems under the Risk Management Framework (RMF) and ensures compliance with DoD cybersecurity policies, federal information security regulations, and DLA cybersecurity implementation guidance. The analyst performs cybersecurity validation activities throughout the DoD System Development Life Cycle (SDLC) and assists program offices, Information System Security Managers (ISSMs), and Authorizing Officials (AOs) in maintaining the security posture of DLA systems. The position supports complex enterprise environments including large and small enclaves, applications, and outsourced IT services, ensuring security controls are implemented, assessed, and monitored in accordance with NIST SP 800-53, DoD cybersecurity policy, and the DLA RMF Implementation Process Guide.

Key Responsibilities include but are not limited to:

• Cybersecurity Assessment and Authorization Support: Provides cybersecurity subject matter expertise supporting authorization and accreditation activities for DLA information systems. Assists ISSMs and AOs with implementation of the DoD Risk Management Framework throughout the system development lifecycle, conducts security control reviews and authorization package analysis, and supports cybersecurity activities across IT, Platform IT (PIT), and Operational Technology / Facility Related Control Systems environments.
• RMF Execution: Supports execution of all phases of the RMF authorization process, including system categorization, security control selection, implementation validation, security control assessment, authorization, and continuous monitoring. Assists in the development and maintenance of RMF documentation and supports system registration and cybersecurity documentation management within the Enterprise Mission Assurance Support Service environment.
• Security Control Assessment and Compliance Validation: Evaluates the implementation and effectiveness of security controls defined in NIST SP 800-53 and DoD cybersecurity guidance. Conducts security control validation reviews, identifies non-compliant controls and vulnerabilities, determines severity levels, assesses impacts to system authorization status, and provides mitigation strategies and remediation recommendations.
• Cybersecurity Risk Analysis and Vulnerability Management: Analyzes security findings and vulnerabilities identified through cybersecurity assessments and scanning tools. Determines the operational and security impact of vulnerabilities on system authorization and risk posture, supports remediation activities, tracks vulnerabilities through Plans of Action and Milestones (POA&M), and assists with monitoring vulnerabilities identified through ACAS scans and IAVA alerts.
• Documentation, Reporting, and Briefings: Develops cybersecurity assessment documentation supporting system authorization packages, maintains documentation repositories for system and organizational artifacts, prepares and delivers briefings to government stakeholders and senior leadership, and provides cybersecurity status reports and recommendations to Program Managers, ISSMs, and Authorizing Officials.
• Cybersecurity Program Coordination: Coordinates cybersecurity activities with program offices, system managers, and security personnel across the DLA enterprise to support effective execution of authorization and compliance efforts.

Clearance Requirements

There is a Secret Security clearance requirement for this position.

Required Skills & Certifications

• Current DoD 8570.01/8140 IAM Level III certification that includes one or more of the following: CISM, CISSP, GSLC, or CCISO.
• Five or more years of relevant Certification and Accreditation (C&A) and/or RMF cybersecurity experience.
• Demonstrated experience supporting DoD cybersecurity programs and system authorization processes.
• Strong understanding of Risk Management Framework (RMF) implementation and NIST cybersecurity standards.
• Experience assessing security controls and conducting authorization reviews within large, complex enterprise environments.
• Ability to evaluate vulnerabilities, assess risk, and determine impacts to system authorization status.
• Strong analytical, technical documentation, and communication skills.

Desired Skills & Certifications

• Experience supporting DoD or DLA program offices.
• Experience supporting DoD or DLA environments.
• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, Business Administration, or a related field.
• Five or more years of leadership experience with progressively increasing responsibility managing technical teams, programs, or contracts.
• At least one year of program or project management experience.
• Current Project Management Professional (PMP) certification or an equivalent recognized project management certification.
• Current Risk Management Professional certification such as PMP-RMP, CRISC, CISA, CISM, CGRC, or RIMS-CRMP.

Other Duties

• Able to travel within a week's notice.
• This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job.
• Duties, responsibilities, and activities may change at any time with or without notice.