Cyber Security Risk Analyst

About NFF:

Our solutions, professional services and IT staffing portfolio are centered around building more resilient, secure, adaptive, and intelligent IT infrastructure and include comprehensive assessment, architecture, design, integration and installation services, and ongoing performance management services though our Network Operations Center (NOC).

In addition to Cisco, NFF has key partnerships with many manufacturers and IT solution providers including, Rapid7, Arctic Wolf, VMware, NetApp and Splunk.

NFF is a District of Columbia (DC) Certified Business Enterprise (CBE) and a SBA Certified Small Business with headquarters in downtown Washington, DC. Our dedication to quality is reflected in our accomplishment of being awarded multiple ISO 9001:2015 certifications.

About this Position / Responsibilities:

• Manage and prioritize risks in a risk register based on likelihood and impact.
• Identify control sets to align cybersecurity controls with regulatory and contractual requirements such as CSF, PCI, and FFIEC.
• Collaborate with teams to design, implement, monitor, and remediate necessary security measures.
• Implement tests and reporting to establish control effectiveness.
• Conduct information security risk assessments to evaluate information systems, vendors, programs and procedures.
• Define system boundaries and threat models.
• Identify attack paths.
• Validate required controls.
• Identify gaps in vulnerability assessments and testing.
• Document evaluation results and recommendations.
• Create data sources and analytical processes to detect gaps.
• Deploy and manage security solutions.
• Provide regular reports of cybersecurity posture to senior management.
• Develop enterprise policies and standards.
• Assist training and awareness activities.

• Demonstrated technical knowledge of one or more key information system platforms with the associated configurations used to secure them:
• Windows
• Linux
• AWS
• Salesforce
• Technical experience in several security domains: identify and access, systems, networking, cloud, security tools, monitoring, incident response, forensics, applications and interfaces.
• Experience in one or more areas: risk assessment, DLP, GRC, IT audit, IT controls design and testing, and/or third-party risk review
• Ability to scope data classification and control requirements based on regulatory requirements.
• Ability to manipulate data using SQL and/or Excel functions.
• Ability to present summary data in graphs and charts.
• Experience with cloud security controls
• Excellent customer service skills.
• Strong research, analytical, and problem-solving skills.
• Excellent oral and written communication skills, including technical writing.
• Ability to function independently and as a team member.

Qualifications:

• Bachelor’s degree in computer science, information security, or a related field.
• Minimum of eight (8) years of experience in Information Security or a combination of education and experience which meets the requisite skill level.

• Technical certs for Windows, Linux, Microsoft 365, AWS, Salesforce and/or SANS preferred.
• Professional security certs such as CISSP, CRISC, CISM, CIPP, or CTPRP are preferred.

• Experience with vulnerability management systems (Nessus, Qualys, Rapid7, etc.)
• Experience working in a GRC application (e.g. RSA Archer, ServiceNow, etc.)
• Experience with large enterprise IT environments

• Ability to physically operate and occasionally move computer equipment.

NFF Disclosures:

NFF offers a competitive salary, comprehensive benefits and flexible paid time off options, for eligible employees:

• Medical, Dental and Vision, Health Savings Account, Flexible Spending Account
• STD, LTD, Supplemental life insurance and ADD&D
• Comprehensive 401k plan
• Paid Time Off

NFF is an Equal Opportunity Employer.

Important Notice: All NFF Inc communications come from @nffinc.com. Emails from other domains claiming to be NFF are likely scams. Be cautious, verify senders, and report suspicious messages immediately.