Third Party Cyber Risk Management Analyst

We are searching for a Third Party Cyber Risk Analyst to support the Cybersecurity program at the United States Postal Service. The candidate will support the Risk Management, System Certification & Accreditation (C&A) processes; Information Assurance (IA) processes; system ATOs, and continuous monitoring of enterprise applications. The successful candidate will experience an unparalleled large-scale enterprise environment with over 800 Information Technology systems, processing billions of dollars in annual revenue and supporting a diverse user base spread across the entire US. Join the NikSoft team to scale your career to the next level.

Must have demonstrated knowledge and experience in:

• Designing, developing, implementing, executing, and improving third-party cyber risk management strategy and practices (public and/or private sector)
• Adapting and implementing industry cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, CIS 18, Zero Trust Principles, FedRAMP)
• Assessing supply chain risk based on recognized audit reports (e.g., SOC 2 Type II) and/or questionnaire responses
• Managing and instructing diverse teams with varying levels of subject matter expertise
• Managing competing priorities to ensure timely completion of work
• Communicating with cross-functional leadership and other stakeholders (especially supply chain management) on third-party risk management strategy, risk management activities, and risks
• Learning on the job to expand knowledge for self and team members
• Working with third party risk assessment platforms (e.g., Process Unity GRX)
• Working with Risk Management platforms (e.g., Diligent RSAM)
• Technical Writing
• Contract Review and Negotiations
• Defining clear tasks and communicating topics to leadership through concise and succinct presentations.

Nice to have:

• Public and Private Sector experience
• Proximity (<50 miles) to Gatehouse (Falls Church, VA) or Aerial (Morrisville, NC) for in-person activities
• Familiarity with CyberGRX (now Process Unity GRX) and Diligent RSAM

Qualifications:

• Bachelor's degree in Information Technology or a relevant Cybersecurity field, and 2-4 years of overall experience.
• 10 years of experience working as a Risk, Information Assurance, or Information Systems Security Analyst.
• Knowledge of the NIST Risk Management Framework (RMF) and security controls is required.
• This candidate must understand the risk management process, risk mitigation, and risk tracking.
• Must have strong communication skills, both oral and written, with excellent interpersonal, team and organization skills.
• A self-starter with proven abilities to collaborate and gather information from multiple teams.

****Candidates must be able to obtain a Postal Sensitive Clearance (US Citizenship or Green Card required). Additionally, candidates must not have traveled outside of the USA for a combined period not to exceed 6 months within the last 5 years.***