2

Remote Vendor Risk Analyst Jobs in Virginia (NOW HIRING)

Sr. Analyst - SCRM

VA ยท On-site +1

$88K - $116K/yr

General information Job Posting Title Sr. Analyst - SCRM Date Thursday, May 28, 2026 City Remote ... party/vendor risk management (TPRM), federal compliance, or related risk/governance functions ...

AVP, AI Risk and Governance

Arlington, VA ยท On-site +1

$117K - $195K/yr

With a strong analytical background, the AVP will collaborate with technology stakeholders to support a robust risk culture. The ideal candidate has a strong background in enterprise, technology and ...

This role is remote. The Risk, Quality, and Performance Analyst serves as the Risk, Quality, and Performance Analyst supporting an enterprise IT services contract. This role is responsible for ...

Senior Security Engineer, GRC

Reston, VA ยท On-site +1

$119K - $163K/yr

Conduct third-party vendor risk assessments, including use case-specific risk analysis, ongoing ... Remote.com. Additionally, Temporal offers perks to all international employees for learning ...

... vendors, performing monthly Chargemaster maintenance and leading code update initiatives. The ... Exhibits confidence, appropriate risk taking and achievement of high standards * Positive, can-do ...

next page

Showing results 1-20

Remote Vendor Risk Analyst information

Can a risk analyst work remotely?

Yes, many risk analyst roles, including vendor risk analysts, can be performed remotely. These positions often require strong analytical skills, familiarity with risk management tools, and effective communication, which can be managed through digital collaboration platforms from any location. However, some employers may require occasional on-site visits or specific certifications depending on the company's policies.

Is TPRm a good career?

A Remote Vendor Risk Analyst role involves assessing and managing third-party risks to ensure compliance and security. It requires strong analytical skills, knowledge of risk management frameworks, and often involves working with tools like GRC software. This career can offer growth opportunities in risk management and compliance fields.

Do risk analysts make a lot of money?

Risk analysts, including vendor risk analysts, typically earn a median salary that varies by experience and location but generally ranges from $60,000 to $100,000 annually. Senior or specialized risk analysts with certifications like CRCM or CRISC can earn higher salaries, especially in industries with complex compliance requirements. The role often requires strong analytical skills and knowledge of risk management tools.

Is a grc analyst a good entry-level job?

A remote vendor risk analyst is often considered a suitable entry-level role for those interested in cybersecurity and risk management, as it typically requires foundational knowledge of compliance frameworks and risk assessment tools. The position offers opportunities to develop skills in vendor evaluation, security policies, and industry standards like ISO or NIST. However, some roles may prefer candidates with prior experience or certifications such as CISA or CRISC, so entry-level candidates should focus on gaining relevant knowledge and certifications to improve prospects.
What are the most commonly searched types of Vendor Risk Analyst jobs in Virginia? The most popular types of Vendor Risk Analyst jobs in Virginia are:
What job categories do people searching Remote Vendor Risk Analyst jobs in Virginia look for? The top searched job categories for Remote Vendor Risk Analyst jobs in Virginia are:
What cities in Virginia are hiring for Remote Vendor Risk Analyst jobs? Cities in Virginia with the most Remote Vendor Risk Analyst job openings:
Infographic showing various Remote Vendor Risk Analyst job openings in Virginia as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution.
Cyber Risk Analyst SME

Cyber Risk Analyst SME

Technomics

Arlington, VA โ€ข On-site, Remote

Full-time

Posted 16 days ago


Job description

Technomics is a growing employee-owned, decision analytics company that specializes in cost and economic analysis to facilitate better decisions faster. We enable a wide range of clients across the Federal government, from senior level policy makers to program managers, to choose smartly, buy effectively and operate efficiently. We deliver practical, credible and defensible results offering actionable insights by applying data-driven and analytics-based approaches in combination with multidisciplinary talent, subject matter experts, and tangible and repeatable assets in the form of databases, models, approaches and techniques.

Analysts have the knowledge, skills, abilities and initiative to deliver timely, practical and innovative solutions to our clients as part of high-performing project teams typically composed of a mix of junior and mid-level analysts who will look to you for technical acumen and mentoring.

Our employee-owners pride themselves on their ability to apply deep analytical rigor and innovative thought that assist clients in understanding and solving a myriad of challenging resource planning and management problems.

This position may be located in Arlington, VA (Headquarters), Washington D.C., Pentagon, Springfield, VA., Chantilly, VA., Tysons Corner, VA.

Description:

We are seeking a Cyber Risk Analyst (SME-level). This role involves conducting on-site and remote cyber risk assessments, developing mitigation strategies, and enabling proactive enterprise risk identification.
The ideal candidate has deep experience with NIST SP 800-30, MITRE ATT&CK, and threat modeling approaches, and can translate technical risks into mission/business impacts. You will work alongside cybersecurity, OT, and systems engineering SMEs, creating task plans, presenting findings, and traveling to client sites for mission assessments.
We are looking for someone who is agile, creative, and collaborative โ€” able to apply lessons learned, enable data tagging and structured knowledge capture, and help shift the organization from reactive responses toward proactive risk management.

Clearance Required: Active DOE Q or higher (or ability to obtain)

Key Responsibilities:

  • Serve as a Subject Matter Expert (SME) in cyber risk assessment, analysis, and mitigation strategies for critical missions.
  • Conduct on-site and remote cyber risk assessments of enterprise systems, applications, and mission-critical infrastructures.
  • Apply NIST SP 800-30 risk assessment methodology, threat modeling techniques, and frameworks such as MITRE ATT&CK to evaluate vulnerabilities, threats, and risks.
  • Develop and present risk characterization reports, mitigation considerations, and recommendations to client leadership and system owners.
  • Create and manage task plans, assessment schedules, and execution strategies to ensure effective delivery of assessment activities.
  • Collaborate with multi-disciplinary teams of SMEs (cybersecurity, systems engineering, OT, supply chain, and mission assurance) to address enterprise risks.
  • Support the identification, analysis, and validation of complex security risks and associated vulnerabilities, including both technical and operational impacts.
  • Assist in the development of threat-informed mitigation strategies aligned with client enterprise assurance goals.
  • Implement data tagging and structured knowledge capture to enable proactive risk identification, trend analysis, and lessons-learned reuse.
  • Build analytic processes that leverage historical assessment data, external threat databases, and adversary TTPs to anticipate potential risks rather than solely reacting to identified vulnerabilities.
  • Provide expert consultation on risk acceptance, mitigation prioritization, and remediation planning to stakeholders.
  • Maintain awareness of emerging threats, vulnerabilities, adversary tactics, and best practices for defense in depth across the nuclear enterprise.

Required Qualifications:

  • 10+ years of experience in cybersecurity risk assessment, vulnerability analysis, or cyber mission assurance.
  • Deep knowledge of NIST SP 800-30, NIST Risk Management Framework (RMF), and related federal standards.
  • Hands-on experience with threat modeling approaches and application of MITRE ATT&CK for risk evaluation.
  • Demonstrated ability to conduct complex cyber risk assessments and present findings to executive and technical audiences.
  • Proven ability to develop task plans, manage assessment milestones, and work independently or as part of a team.
  • Strong writing and briefing skills to produce risk reports, mitigation strategies, and decision support artifacts.

Preferred Qualifications:

  • Experience supporting national security organizations.
  • Familiarity with supply chain risk management (SCRM), insider threat analysis, or mission-critical system assurance.
  • Operational Technology (OT) and Systems Engineering (SE) experience in complex enterprise environments.
  • Knowledge of nuclear enterprise operations and mission dependencies.
  • Technical certifications such as Security+, CISSP, CISM, C-RMA, CAP, CEH, or OSCP.
  • Prior experience briefing and advising SES-level leadership or program executives.
  • Familiarity with tools supporting risk assessments and vulnerability analysis (e.g., Threat Modeling tools).

Work Environment:

  • Hybrid environment with headquarters-based work in D.C. and regular travel to client sites for on-site risk assessments.
  • Fast-paced, collaborative environment with cross-disciplinary SMEs (cybersecurity, engineering, OT, program management, and intelligence).
  • Requires agility, creativity, and strong interpersonal skills to interact effectively with diverse stakeholders across government, contractors, and mission partners.
  • Role demands adaptability to dynamic mission needs, shifting priorities, and classified environments.
  • Emphasis on teamwork, analytical rigor, and the ability to translate technical risks into mission/business impacts.

Salary range: $105,000- 200,000 USD
The salary range listed is one part of our total compensation package, which may also include bonuses, incentives and benefits. Individual compensation is determined based on qualifications such as relevant years of experience, education, certifications and geographic location

Technomics is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to protected status under applicable law, including disability and protected veteran status.