Information Security Risk Analyst
Rockville,, MD
ASSYST
Leading digital transformation specialists. Learn about AI program governance, cybersecurity solutions, and Assyst role in government's digital-first initiatives.ASSYST is seeking a qualified Information Security Risk Analyst to support our client’s Governance, Risk, and Compliance (GRC) program. This role involves identifying, assessing, and documenting risks related to information systems, technologies, vendors, and operational processes—ensuring alignment with client security policies and regulatory standards.
Key Responsibilities:
-
Conduct structured risk assessments
-
Review internal controls
-
Evaluate third-party security attestations
-
Support vulnerability and compliance activities
Policy Exception Management:
-
Validate and assess policy exception requests via ServiceNow GRC
-
Conduct risk evaluations and recommend approval or denial
-
Collaborate with cross-functional teams to enhance risk posture
Qualifications:
-
Experience with GRC tools (ServiceNow, RSA Archer, etc.)
-
Knowledge of frameworks: NIST 800-53, ISO 27001, HIPAA, PCI, FedRAMP
-
Strong technical foundation and risk analysis skills
-
Familiarity with FAIR and SOC 1/2 Type II assessments
Preferred Certifications:
-
CISSP, CRISC, GRCP, CISA, CGRC
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CGRC CISA CISSP Compliance CRISC FedRAMP Governance HIPAA ISO 27001 NIST NIST 800-53 Risk analysis Risk assessment RSA SOC SOC 1
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.