• Conduct security control design assessments
• Conduct recurring operating effectiveness audits to identify potential control failures
• Support root cause analyses for control failures and provide recommendations for improvement
• Contribute updates to relevant System Security Plans (SSP)
• Maintain GRC platform deficiency registers
• Support operational control processes and user requests for support
• Maintain systems of record for exemptions to policy
• Contribute to security and risk impact analysis for information technology components and services
• Develop system compliance artifacts & body of evidence (BOE)
• Contribute to corporate policy and procedure development
• Contribute to enterprise security awareness and training
• Support corporate incident response processes

Required Qualifications:

• Bachelor’s degree in an information technology or cybersecurity related field with five (5) years relevant experience
• Working experience with IT or cybersecurity risk & control frameworks (CMMC, NIST CSF, NIST RMF, PCI-DSS, FedRAMP, CSA STAR, ISO 27000 series, etc.)
• Ability to demonstrate understanding of relationships between data sensitivity and security control selection, design, implementation, and evaluation
• Knowledge of modern enterprise-scale IT environments
• Security control assessment and/or audit experience
• Excellent written, verbal, and inter-personal communications skills
• Proficient in delivering on multiple priorities simultaneously
• Innovative self-starter with strong analytical, problem-solving, and organization skills
• Ability to work independently with minimal direction

Preferred Qualifications:

• Master’s degree in an information technology or cybersecurity related field
• Industry-recognized cybersecurity or information security certifications (CASP, Sec+, CISSP, CCSP)
• Technical audit experience
• Experience in regulated industries (i.e. Defense, Finance, Healthcare, Telecommunications)
• Familiarity with FAR/DFARS requirements pertaining FCI, CDI, CUI, & CMMC
• Familiarity with Windows and Linux Operating system management in an enterprise context
• Understanding of enterprise authentication methods (AD, EntraID, ADFS, SAML)
• Understanding of cloud service and deployment models and shared responsibilities
• Working knowledge of cloud technologies (Azure, AWS, Google Cloud, etc.)
• Prior system administrator or network administrator experience
• Ability to obtain and maintain Secret Security Clearance

$104,000 - $149,000 This represents the typical compensation range for this position based on experience, location and other factors.

Riverside Research Institute is a not-for-profit, technology-oriented defense company, where service to our customers and support of our staff is our overall mission. Riverside is an affirmative action-equal opportunity employer and complies with all applicable federal, state, and local laws regarding recruitment and hiring. Riverside offers comprehensive compensation and benefit packages to our employees. Riverside bases its employment decisions solely on technical experience, qualifications and other job-related criteria related to our organizational purpose as a not-for-profit company, and without regard to race, color, religion, age, sex marital status, sexual orientation, national origin, physical or mental disability, veteran’s status or any other status legally protected by applicable federal, state, and local law.