What are the responsibilities and job description for the Cyber Risk & Compliance Analyst position at Jobs via Dice?
Dice is the leading career destination for tech experts at every stage of their careers. Our client, DatamanUSA, LLC, is seeking the following. Apply via Dice today!
DatamanUSA is looking for a Cyber Risk & Compliance Analyst for our direct client based in MD. This is a great opportunity for someone who is a quick learner with excellent people skills.
Job Details:
Job Title: Cyber Risk & Compliance Analyst
Location: Rockville, MD
Duration: 6 months
Hands-on Knowledge, Skills and Abilities:
- Hands-on experience in the cyber security and privacy industry, including the technology used to protect the confidentiality, integrity and availability of sensitive information.
- Hands-on working knowledge of security frameworks and regulatory requirements such as NIST SP 800-171, CIS Controls, FERPA, GLBA, PCI-DSS, and privacy standards.
- Knowledge, appreciation and prioritization of principles and practices of project organization, planning, records management, and general administration.
- Working knowledge of IT enterprise operations, architecture, and IT as a Service.
- Hands-on experience with vulnerability management principles, methodologies, and tools.
- Hands-on experience with patch management processes, secure configuration standards, and system hardening practices.
- Hands-on knowledge of common threat vectors, exploitation techniques, and the vulnerability lifecycle.
- Hands-on knowledge of risk management concepts, risk scoring, risk registers, and POA&M tracking.
- Hands-on experience with SOC reports, third-party risk assessments, and due diligence reviews.
- Hands-on experience analyzing vulnerability data, correlating findings with threat intelligence, and assessing potential business impact.
- Hands-on experience in interpreting scan results, identifying false positives, and validating remediation actions.
- Ability to perform root-cause analysis for recurring or high-risk findings.
- Strong attention to detail when documenting risks, findings, or compliance gaps.
- Ability to manage multiple assessments, findings, risks, and remediation efforts simultaneously.
- Hands-on experience in writing policies, standards, processes and procedures.
- Hands-on experience in leading and/or conducting audits, assessments or reviews of technical systems and processes.
- Effective verbal and written communication skills, presentation, and public speaking skills.
- Effective skills in developing and presenting educational or training programs.
- Effective planning, organizational and multi-tasking skills with minimal supervision.
- Ability to think critically and analyze information and situations; present findings and make recommendations.
- Ability to identify compliance and security needs independent of management direction.
- Ability to grasp technical concepts at all levels of computer systems, from system hardware components and architecture to system integration and implementations.
- Ability to work independently and as part of a team.
- Ability to advise, train, and motivate technical and non-technical individuals in regulatory compliance and information and systems security efforts.
- Ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.
- Ability to communicate technical concepts and data to non-technical audiences.
- Ability to achieve goals through influence, collaboration, and cooperation.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Ability to produce technical documentation.
- Ability to handle and maintain confidential information.
- Ability to exercise judgment when policies are not well-defined.
- Ability to think critically, analyze issues and solve sensitive and complex problems under pressure.