Cyber Risk Analyst

Overview Title: Cyber Risk Analyst W-2 Only (no 1099) Must be a U.S. Citizen Company's Location: Lemont, IL Background The Company’s Cyber Security Program Office promotes the safe and secure use of information technology. There are a variety of risks and threats inside and outside of the Laboratory. The Company’s Cyber Security Program Office (CSPO) safeguards the Laboratory by identifying, protecting against, detecting, responding to, and recovering from cybersecurity risks and incidents. Services include consultation and guidance; detection and protection technologies; education and awareness; incident management; vulnerability management; and risk assessment and compliance. Scope The Cyber Risk Analyst will play an important role in identifying and communicating areas of concern and risks to the business. This engagement will free up other cybersecurity resources to work in other critical Argonne areas. The ideal candidate will need to: Possess a working level expertise with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and the NIST 800-53 series of control families and approaches. Responsibilities Perform detailed analysis and a cyber risk assessment of Cloud Service Providers (CSPs). Engage with vendors to review controls, certifications, and risks in support of the associated business need and the laboratory's risk tolerance. Partner with the CSPO in the development of risk assessment and reporting processes within the Laboratory's Governance, Risk and Compliance (GRC) tool, Talatek TiGRIS. Partner with others from within the CSPO team and Laboratory IT environment to perform risk-based assessments of NIST 800-53 control validation and gap analysis. Collaborate with the CSPO to present outcomes of risk analysis work using presentation methods to CSPO and other lab audiences (IT admins, Deputy CIO, CISO). Maintain assessment and assessment results in identified repositories, e.g., the Lab's GRC tool, Talatek TiGRIS, MS Excel, Box or Box. Assist in the performance of the laboratory's Divisional Site Assist Visit (DSAV) self-assessment and continuous monitoring strategy, assessing the cyber security controls and their implementation in various programmatic spaces. Objectives / Qualifications A fundamental understanding of IT Risk management and the NIST 800 series framework. Experience with government environments. Experience working closely with cyber security leadership and peers along with IT system/process owners to capture artifacts for control testing. Technical understanding of systems and technologies to inform audits and assessments. Ability to translate results into business-oriented, task-focused presentations. Support projects and tasks associated with Cybersecurity Risk Assessment and Compliance. Ability to support urgency and timeliness expectations, assuring risk assessments are completed to support DOE Authority to Operate and Authority to Use deadlines. Typically, the assessment presentation cadence is weekly for the DOE's Company Site Office, and monthly for the DOE Authorizing Official. Experience and skill in conducting audits or reviews of technical systems. Experience assessing vendor risk. Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. Able to effectively interact with user organizations to validate controls and disseminate knowledge to current staff. Able to communicate through various methods, including written documentation for leaders and executives. Ability to work autonomously as a contributing member of a small technical team. Experience working in a government environment. Experience working in a distributed IT environment. Basic knowledge of cyber security concepts. Working knowledge of networking administration and system administration. Ability to qualify for HSPD-12 card for use in two-factor authentication. Remote Work Expectations Typically, work is performed remotely. For candidates within driving distance, there may be rare onsite meetings. When remote, all scheduled meetings must be attended using approved tools. Candidates must be available for consultation during all scheduled work time and be reachable via approved communication methods. Performance will be monitored; if productivity declines, remote work may be suspended. If onsite is required unexpectedly, remote work may be rescheduled. Remote work privilege may be revoked at any time at the discretion of the company. A flexible work schedule may be possible with approval. Remote work is preferred if the laboratory closes due to weather or other circumstances. The candidate must track remote work schedule in the CSPO absence calendar and obtain approval from a CSPO supervisor. Expectation / Deliverables Assist in the management of Lab-Vendor risk assessments throughout the engagement, including analysis and a cyber risk assessment of CSPs (Vendors). Regularly engage with vendors to review controls, certifications, and risks. Regularly engage with ANL System Business Owners to review controls and coordinate control implementation with BIS technicians when necessary. Work on various GRC projects using Talatek TiGRIS, including risk-based assessments of NIST 800-53 Rev 5 control validation and gap analysis. Present outcomes of risk analysis work to CSPO and other lab audiences, as needed. Maintain assessment results in the GRC tool and TiGRIS; communicate via email, Teams, etc. Other Program Information Computer Protection Program: Contractors shall complete required training and adhere to protection requirements for any systems, applications, or sensitive data they access; follow all policies and report deficiencies. Government-Furnished Property: Laptop, PIV Card, and PIV Card reader provided. Place of Performance: Work will be performed remotely, using Microsoft Teams and Microsoft Outlook. Period of Performance: Beginning October 2025, 40 hours per week for 1 year. #J-18808-Ljbffr