Riverside Overview
Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country's most challenging technical problems. All Riverside Research opportunities require U.S. Citizenship.Position Overview
Riverside Research is seeking a Cybersecurity Governance, Risk and Compliance (GRC) Analyst for the company's corporate enterprise information systems. The individual is responsible for supporting the development, assessment, and execution of security controls aimed at minimizing risk exposure and meeting corporate and regulatory security requirements. As a member of the enterprise team, the individual will have exposure to a broad array of emerging and dynamic technologies necessary to keep Riverside Research on the leading edge of our customers' needs.
This Riverside Research opportunity requires U.S. Citizenship. The position is based in Beavercreek, OH with a hybrid schedule.
Live or relocate to a commutable distance to Beavercreek, Ohio and surrounding areas.
Responsibilities
- Conduct security control design assessments
- Conduct recurring operating effectiveness audits to identify potential control failures
- Support root cause analyses for control failures and provide recommendations for improvement
- Contribute updates to relevant System Security Plans (SSP)
- Maintain GRC platform deficiency registers
- Support operational control processes and user requests for support
- Maintain systems of record for exemptions to policy
- Contribute to security and risk impact analysis for information technology components and services
- Develop system compliance artifacts & body of evidence (BOE)
- Contribute to corporate policy and procedure development
- Contribute to enterprise security awareness and training
- Support corporate incident response processes
Qualifications
- Bachelor's degree in an information technology or cybersecurity related field with five (5) years relevant experience
- Working experience with IT or cybersecurity risk & control frameworks (CMMC, NIST CSF, NIST RMF, PCI-DSS, FedRAMP, CSA STAR, ISO 27000 series, etc.)
- Ability to demonstrate understanding of relationships between data sensitivity and security control selection, design, implementation, and evaluation
- Knowledge of modern enterprise-scale IT environments
- Security control assessment and/or audit experience
- Excellent written, verbal, and inter-personal communications skills
- Proficient in delivering on multiple priorities simultaneously
- Innovative self-starter with strong analytical, problem-solving, and organization skills
- Ability to work independently with minimal direction
Desired Qualifications:
- Master's degree in an information technology or cybersecurity related field
- Industry-recognized cybersecurity or information security certifications (CASP, Sec+, CISSP, CCSP)
- Technical audit experience
- Experience in regulatedindustries (i.e. Defense, Finance, Healthcare, Telecommunications)
- Familiarity with FAR/DFARS requirements pertaining FCI, CDI, CUI, & CMMC
- Familiarity with Windows and Linux Operating system management in an enterprise context
- Understanding of enterprise authentication methods (AD, EntraID, ADFS, SAML)
- Understanding of cloud service and deployment models and shared responsibilities
- Working knowledge of cloud technologies (Azure, AWS, Google Cloud, etc.)
- Prior system administrator or network administrator experience
- Ability to obtain and maintain Secret Security Clearance
Global Comp
$104,000 - $149,000 This represents the typical compensation range for this position based on experience, location and other factors.Closing Statement
Riverside Research Institute is a not-for-profit, technology-oriented defense company, where service to our customers and support of our staff is our overall mission. Riverside is an affirmative action-equal opportunity employer and complies with all applicable federal, state, and local laws regarding recruitment and hiring. Riverside offers comprehensive compensation and benefit packages to our employees. Riverside bases its employment decisions solely on technical experience, qualifications and other job-related criteria related to our organizational purpose as a not-for-profit company, and without regard to race, color, religion, age, sex marital status, sexual orientation, national origin, physical or mental disability, veteran's status or any other status legally protected by applicable federal, state, and local law.