Cyber Risk Analyst

Cybersecurity Risk Management Analyst

Location: Remote
Clearance Required: Minimum Secret
Employment Type: Full Time, Regular

Job Description

Special Aerospace Security Services, Inc. (SASSI) is seeking a Cybersecurity Risk Management Analyst (CSRMA) to support a United States Government client. The Analyst will play a key role in assessing and managing cybersecurity risks across the organization’s supply chain vendors, partners, and suppliers. This role includes evaluating risks tied to hardware, software, third-party services, and data management processes, and developing mitigation strategies that strengthen supply chain resilience.

The CSRMA will collaborate with procurement and vendor management teams to ensure cybersecurity requirements are embedded in contracts and agreements. The Analyst will continuously monitor supply chain risks, stay current on emerging threats, and provide senior leadership with clear, actionable reporting.

Work Environment

This is a remote position; however, the selected candidate is expected to maintain a full-time presence during normal business hours. The employee must be consistently available and responsive to the team and client during core business hours of 8:30 AM to 3:30 PM EST, Monday through Friday (flexible working hours between 7:00AM to 6:00PM). Participation in virtual meetings, collaborative working sessions, and prompt communication via Microsoft Teams, email, and other platforms is required to ensure alignment with stakeholders and project leadership.

Primary Responsibilities

• Conduct cybersecurity risk assessments of supply chain vendors, partners, and suppliers.
• Analyze risks across hardware, software, third-party services, and data management processes.
• Develop and implement risk mitigation strategies, controls, and remediation plans.
• Collaborate with procurement and vendor management teams to embed cybersecurity requirements into contracts.
• Monitor and track supply chain risks, providing updates and reports to senior management.
• Stay current with emerging threats, trends, and best practices in supply chain cybersecurity.
• Follow established processes and procedures to complete risk assessments in compliance with organizational standards.
• Work independently to resolve challenges during risk assessments, escalating as appropriate.

Basic Qualifications

• U.S. Citizenship (required).
• Active Secret clearance (minimum).
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related discipline.
• 5–7 years of experience in cybersecurity risk management, with a focus on supply chain risk management.
• Strong understanding of risk assessment methodologies and frameworks (e.g., NIST, ISO, CSA).
• Familiarity with supply chain regulatory requirements (CMMC, DFARS).
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively within a team environment.
• Professional certifications preferred: CISSP, CISM, CRISC.
• Federal government experience strongly desired.

Desired Tools & Platforms

• Governance, Risk, & Compliance Tools (e.g., ServiceNow, Xacta, RSA Archer).
• Vulnerability and risk assessment tools: Nessus, Tenable, RedSeal.
• Industry standards: DISA STIGs, CIS Benchmarks.
• Collaboration tools: Microsoft Teams, ServiceNow.

Desired Skills

• Drafting cybersecurity policies, procedures, and risk management documentation.
• Applying qualitative and quantitative risk analysis techniques.
• Technical and non-technical report writing.
• Document formatting best practices (headers, styles, templates, TOCs).
• Zero Trust Architecture (ZTA) concepts.
• Cyber resilience and supply chain security methodologies.

Certifications

• Required: DoD 8570.01 IAM Level II (e.g., CAP, CASP , CISM, CISSP [Associate], GSLC).
• Preferred: CISSP, CISA, CRISC, or other advanced cybersecurity certifications.

Education

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field (required).