What are the responsibilities and job description for the Cybersecurity Risk Analyst position at The George Washington University?
Posting Details
I. Job Overview
Job Description Summary:
George Washington University Information Technology ( GWIT ) is the chief provider of technology services and applications at The George Washington University (GW). GWIT partners with all key stakeholders across GW to equip students, faculty, and staff with the technology and tools necessary to achieve academic and research excellence. This position works within GWIT to assure the security and compliance of systems to assure their confidentiality, integrity, and availability while protecting regulated, non-regulated, and research data.
Education
This position works within GWIT Technology Cybersecurity Risk and Assurance team to develop and implement the GW IT risk management strategy to identify, reduce / remediate, or monitor risks through education, awareness, IT vendor and product risk assessments and risk remediation monitoring across on-premises, managed cloud, and SasS environments. The position works collaboratively with other risk analysts and security engineers to enhance threat and vulnerability management for operational, academic, and research systems and tools. The position will also support assurance and compliance efforts as they relate to regulated research data and other applicable regulations and university polices. The position ensures collaborative outcomes with university stakeholders, external vendors, and partners with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities related to IT risk. This position directly contributes to the overall GW IT cybersecurity risk management program including:
Minimum Qualifications
Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 2 years of relevant professional experience, or, a Master’s degree or higher in a relevant area of study. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.
Preferred Qualifications
Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:
GW Staff Approach to Pay
How is pay for new employees determined at GW?
Healthcare Benefits
GW offers a comprehensive benefit package that includes medical, dental, vision, life & disability insurance, time off & leave, retirement savings, tuition, well-being and various voluntary benefits. For program details and eligibility, please visit https://hr.gwu.edu/benefits-programs.
II. JOB DETAILS
Campus Location: Ashburn, Virginia
College/School/Department: GW IT
Family Information Technology
Sub-Family IT Risk and Compliance
Stream Individual Contributor
Level Level 2
Full-Time/Part-Time: Full-Time
Hours Per Week: 40
Work Schedule: Monday - Friday 9am-5pm
Will this job require the employee to work on site? Yes
Employee Onsite Status Hybrid
Telework: Yes
Required Background Check: Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search
Special Instructions To Applicants
Employer will not sponsor for employment Visa status
Internal Applicants Only? No
Posting Number: S013954
Job Open Date: 12/12/2025
Job Close Date
If temporary, grant funded, Sponsored Project funded or limited term appointment, position funded until:
Background Screening Successful Completion of a Background Screening will be required as a condition of hire.
EEO Statement
The university is an Equal Employment Opportunity employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.
I. Job Overview
Job Description Summary:
George Washington University Information Technology ( GWIT ) is the chief provider of technology services and applications at The George Washington University (GW). GWIT partners with all key stakeholders across GW to equip students, faculty, and staff with the technology and tools necessary to achieve academic and research excellence. This position works within GWIT to assure the security and compliance of systems to assure their confidentiality, integrity, and availability while protecting regulated, non-regulated, and research data.
Education
This position works within GWIT Technology Cybersecurity Risk and Assurance team to develop and implement the GW IT risk management strategy to identify, reduce / remediate, or monitor risks through education, awareness, IT vendor and product risk assessments and risk remediation monitoring across on-premises, managed cloud, and SasS environments. The position works collaboratively with other risk analysts and security engineers to enhance threat and vulnerability management for operational, academic, and research systems and tools. The position will also support assurance and compliance efforts as they relate to regulated research data and other applicable regulations and university polices. The position ensures collaborative outcomes with university stakeholders, external vendors, and partners with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities related to IT risk. This position directly contributes to the overall GW IT cybersecurity risk management program including:
- Development and delivery of IT security awareness and skills programs to faculty, staff, and students
- Collaboration with key institutional stakeholders to identify, manage and where appropriate accept / track IT risk
- Developing and implementing policies, standards and procedures to ensure university- wide risk mitigation.
- Performing third party, product, and service risk assessments coordinating information gathering and review, issue and risk identification, assessment outcome reporting, tracking risks and related remediation activities, generating and delivering reports for stakeholders
- Supporting and coordinating with compliance focused units and programs.
Minimum Qualifications
Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 2 years of relevant professional experience, or, a Master’s degree or higher in a relevant area of study. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.
Preferred Qualifications
Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:
- Working understanding and experience with information security risk management and controls, effective communication and well-developed organizational skills.
- Demonstrated understanding of third-party IT security risk assessments, information security risk governance frameworks (i.e., NIST ) and recommended mitigation approaches.
- Demonstrated knowledge about identifying information security risks and controls associated with IT operational processes, including user awareness and decision maker influence
- Demonstrated ability to track, monitor, and report on IT risk and control issues
- Ability to translate technical details and trends into management reports
- Demonstrated knowledge and/or experience preferred in:
- GRC tool application administration or a GRC tool user highly desired
- Public, Private and On-premises Cloud security measures and assessments
- Experience applying NIST CSF , NIST 800-53, NIST 800-171 controls, particularly in support of security standards and evaluation of vendor practices alignment with control frameworks
- Strong verbal and written communications skills
- Ability to work with and collaborate across teams
- Intellectual agility and interpersonal flexibility
- Third Party Cyber Risk Assessor ( TPCRA ) Certification
- Certified Information Systems Security Professional ( CISSP )
- Certified Information Systems Auditor ( CISA )
- Certified Information Systems Manager ( CISM )
- Certified in Risk and Information Systems Control ( CRISC )
- CompTIA Advanced Security Practitioner ( CASP )
GW Staff Approach to Pay
How is pay for new employees determined at GW?
Healthcare Benefits
GW offers a comprehensive benefit package that includes medical, dental, vision, life & disability insurance, time off & leave, retirement savings, tuition, well-being and various voluntary benefits. For program details and eligibility, please visit https://hr.gwu.edu/benefits-programs.
II. JOB DETAILS
Campus Location: Ashburn, Virginia
College/School/Department: GW IT
Family Information Technology
Sub-Family IT Risk and Compliance
Stream Individual Contributor
Level Level 2
Full-Time/Part-Time: Full-Time
Hours Per Week: 40
Work Schedule: Monday - Friday 9am-5pm
Will this job require the employee to work on site? Yes
Employee Onsite Status Hybrid
Telework: Yes
Required Background Check: Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search
Special Instructions To Applicants
Employer will not sponsor for employment Visa status
Internal Applicants Only? No
Posting Number: S013954
Job Open Date: 12/12/2025
Job Close Date
If temporary, grant funded, Sponsored Project funded or limited term appointment, position funded until:
Background Screening Successful Completion of a Background Screening will be required as a condition of hire.
EEO Statement
The university is an Equal Employment Opportunity employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.
Salary : $62,487 - $96,667
Cybersecurity Risk Management Analyst
Evolver Federal -
Springfield, VA
Senior Cybersecurity Risk Management Analyst
Evolver Federal -
Springfield, VA
Senior Cybersecurity Risk Management Analyst
Evolver, LLC -
Springfield, VA