
Senior Cybersecurity A&A Risk Analyst

Cherokee Federal, Glenpool, OK, United States


Senior Cybersecurity A&A Risk Analyst Position Summary

The Senior Cybersecurity Assessment & Authorization (A&A) Risk Analyst provides advanced governance, risk, and compliance (GRC) support to federal information systems in alignment with the Federal Information Security Modernization Act (FISMA) and the NIST Risk Management Framework (RMF).

This position is responsible for managing external service authorization activities, conducting security risk assessments, and supporting NSF's continuous monitoring efforts. The role requires strong analytical, documentation, and stakeholder engagement skills to ensure federal systems maintain compliance with applicable federal laws, regulations, and NSF directives.

Essential Duties and Responsibilities

Assessment & Authorization (A&A)

Manage full lifecycle RMF activities in accordance with NIST SP 800-37.

Develop, review, and maintain security authorization documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).

Review and assess FedRAMP authorization packages, and package updates, to support the evaluation and use of cloud services.

Monitor ATO packages in the FedRAMP Secure Repository.

Communicate with system owners, ISSOs, Cloud Service Providers, and security stakeholders to review significant system changes and ensure continued compliance with federal security requirements.

Evaluate and validate implementation of security controls defined in NIST SP 800-53 Rev. 5, including inherited and agency-implemented controls.

Conduct risk assessments using methodologies consistent with NIST SP 800-30 and provide risk analysis and recommendations to Authorizing Officials and senior stakeholders.

Support continuous monitoring and ongoing authorization activities by reviewing vulnerability scans, tracking POA&Ms, and coordinating remediation efforts.

Governance, Risk & Compliance (GRC)

Peer review cybersecurity policies, standards, procedures, and implementation guidance.

Perform regulatory and policy analysis to ensure alignment with federal requirements and agency directives.

Conduct gap analyses to assess compliance posture and recommend remediation strategies.

Assist in development of control overlays, baseline updates, and security control tailoring guidance.

Provide subject matter expertise in governance discussions.

Support enterprise reporting activities, including risk metrics and compliance dashboards in ServiceNow.

Compliance & Oversight Support

Provide documentation and analysis support for internal and external reviews, including FISMA reporting activities.

Assist in preparing responses to oversight inquiries and tracking corrective actions.

Perform quality assurance reviews of security documentation to ensure accuracy and consistency.

Required Qualifications

Bachelor's degree in Cybersecurity, Information Technology, Public Policy, or related discipline (or equivalent experience).

Professional certification(s) such as CISSP, CISM, or CAP.

Minimum of 7 years of progressive cybersecurity experience, including at least 4 years supporting federal RMF/A&A efforts.

Demonstrated experience implementing the NIST RMF.

Strong knowledge of Federal RMF, FedRAMP, NIST SP 800-53 Rev. 5, and FISMA.

Familiarity with Federal Zero Trust Strategy and federal cloud security requirements.

Experience supporting Moderate and/or High impact systems.

Experience with Microsoft 365 Office applications.

Excellent written and verbal communication skills.

Ability to engage effectively with technical teams and executive leadership.

Active Public Trust clearance, or the ability to obtain one.

Preferred Qualifications

Experience with ServiceNow, CSAM and/or comparable GRC tools.

Familiarity with Atlassian Confluence and JIRA.

Experience contributing to enterprise-level cybersecurity policy initiatives.

Familiarity with guidance pertaining to responsible AI usage by federal agencies (e.g., E.O. 13960, M-25-21, M-25-22).

Experience supporting federal research or grant-management systems.

Core Competencies

Federal Cybersecurity Governance

Risk Assessment & Analysis

Policy Development & Regulatory Interpretation

Technical Documentation & Quality Assurance

Stakeholder Engagement

Analytical Problem Solving

Work Environment

This is a full-time remote position supporting Cherokee Federal's cybersecurity contract with the U.S. National Science Foundation in Alexandria, VA. This position reports to the Cybersecurity Oversight and Compliance Lead, operates within a structured federal compliance environment, and requires collaboration with system owners, security personnel, program offices, and senior stakeholders. The role supports ongoing authorization, governance initiatives, and periodic oversight reviews to maintain a strong cybersecurity posture across NSF systems.

About Criterion Systems

Criterion Systems LLC is a part of Cherokee Federal, the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.

Cherokee Federal is a military-friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Cybersecurity RMF Analyst

Cybersecurity GRC Analyst

Information Security Risk Analyst

Cybersecurity Compliance Analyst

NIST RMF / NIST 800-53

FedRAMP / ATO Authorization

FISMA Compliance

Security Authorization (A&A)

ServiceNow GRC / Cyber Risk Management

Federal Cybersecurity Risk Management


Legal Disclaimer:

All qualified applicants will receive consideration for employment without regard to protected veteran status, disability or any other status protected under applicable federal, state or local law.
