Sr Compliance Risk Analyst

ManTech (


  Full Time   Employee   Contractor


United States

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. TS/SCI clearance is required with the ability to get DHS EOD.


  • Develop, update and maintain appropriate Security Authorization (SA) packages based on NIST standards for general support systems and major applications to include development of final ATO package and ATO recommendation

  • Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application

  • Develop and/or maintain POA&Ms for all accepted risks upon completion of system SCA, including the utilization of waivers/exceptions where appropriate

  • Schedule and conduct security assessments of systems to determine compliance with applicable security controls and standards, including:

    • Conduct interviews of key system personnel
    • Review security documentation to ensure completeness and accuracy of control documentation
    • Compile and analyze scan results for weaknesses and vulnerabilities
  • Develop security assessment reports.

  • Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the security authorization guidelines and procedures

  • Communicate and present to stakeholders on the FISMA compliance status of your assigned systems

  • Work with the FISMA Tool IACS/Xacta to develop SA related documentation and track POA&M and vulnerability status.


Must possess 2 years dedicated information assurance / cyber security experience. B.S. Degree in a related field is required but may be substituted with four (4) additional years of professional Information Assurance experience. CISSP or CISA preferred.

Ability to and interest in providing support and guidance to System Owner?s through the six phases of the Risk Management Framework (NIST 800-37) and monitoring of Security Authorization (SA) artifact compliance, annual self-assessment (NIST 800-53A) completion, vulnerability scans, annual contingency plan testing, POA&M management and continuous monitoring. Must possess experience with FISMA and understand FISMA requirements. DHS FISMA related requirements experience a plus.

? Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.

? Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.

? Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions and recommendations in a clear, technically sound manner on matters associated with IT security.

? Experience with developing Security Controls Assessment (SCA) schedules, Security Assessment Plans and analyzing the results of SCA activites to evaluate the existence and effectiveness of 800-53 security controls and developing the Security Assessment Report

? Be prepared to security-related guidance on business processes, emerging technologies/development and acquisitions and vulnerability assessments and mitigation approaches.

? Experienced and capable in providing IA/security consulting services to enable the client to move past traditional C&A/SA approaches to an environment of ongoing authorization and continuous monitoring based on sound risk management practices

Strong verbal and written communication skills are highly preferred. It is highly desired that candidates possess strong interpersonal skills. Candidates must be fluent in the English language.

Candidates may be asked to provide a writing sample.


To apply for this job, contact:
Human Resources

Save This Job

Email This Job to a Friend