• Cybersecurity Risk Management Analyst

    Job Locations US-TX-Austin
    Posted Date 1 week ago (11/5/2018 11:30 AM)
    Job ID
    # of Openings
    Information Technology
  • Overview

    GovernmentCIO is looking to bring on a Cybersecurity Risk Management Analyst to help support our team located in Austin, TX.



    The Cybersecurity Risk Management Analyst is responsible for effectively managing information security risk organization-wide, which requires the following key elements:

    • Assignment of risk management responsibilities to senior leaders/executives;
    • Ongoing recognition and understanding by senior leaders/executives of the information security risks to organizational operations and assets, individuals, other organizations, and the Nation arising from the operation and use of information systems;
    • Establishing the organizational tolerance for risk and communicating the risk tolerance throughout the organization, including guidance on how risk tolerance impacts ongoing decision-making activities; and
    • Accountability by senior leaders/executives for their risk management decisions and for the implementation of effective, organization-wide risk management programs.

    GCIO seeks a Cybersecurity Risk Management Analyst with the following:

    • Knowledge of strategic planning for cybersecurity risk management
    • Knowledge of cybersecurity risk management implementation (strategy and plan to execute)
    • Knowledge of NIST 800-39, Managing Information Security Risk (Organization, Mission, and Information System view). This is a different focus than 800-37, Guide for Applying the Risk Management Framework
    • Knowledge of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), the new framework that D/A are applying to their cybersecurity programs and the way they are reporting FISMA metrics to DHS
    • Knowledge of GRC (governance, risk management, compliance)
    • Knowledge of FISMA
    • Knowledge of 800-53 controls
    • Senior level communications
    • Strategic planning
    • Excellent analysis and writing skills

    The Cybersecurity Risk Management Analyst will:

    • Ensure that senior leaders/executives recognize the importance of managing information security risk and establish appropriate governance structures for managing such risk;
    • Ensure that the organization’s risk management process is being effectively conducted across the three tiers of organization, mission/business processes, and information systems;
    • Foster an organizational climate where information security risk is considered within the context of the design of mission/business processes, the definition of an overarching enterprise architecture, and system development life cycle processes; and
    • Help individuals with responsibilities for information system implementation or operation better understand how information security risk associated with their systems translates into organization-wide risk that may ultimately affect the mission/business success.


    • Bachelor's degree 
    • 5 to 7 years of experience
    • Enterprise Risk Management, Cybersecurity Risk Management, Governance Risk and Compliance (GRC), Cybersecurity Framework (CSF), FISMA, NIST 800-39
    • CISSP preferred, but not required




