Are you an accomplished cybersecurity risk professional with real-world experience in analyzing IT risk and security controls? Are you looking to take the next step up in your career and become a key member of a team supporting a large Federal Government Departmental enterprise IT program? Then we want to hear from you!

Hill Associates is searching for a Senior Cybersecurity Risk Analyst. We seek a person who demonstrably understands IT security controls from the systems operations perspective. This is a critical requirement and, in addition to the mandatory requirements listed below, will heavily influence the final selection of a candidate for this role.

Ideally, you have operations and/or technical experience with IT services and infrastructure, have experience applying NIST SP 800-53, and understand the changes in requirements introduced by Revision 5 of SP 800-53 (published September 2020). You also have experience applying the NIST Risk Management Framework (RMF) within the Federal Government environment. You have a depth of experience in analyzing and selecting control parameters, can assess systems, and can demonstrate how the controls reduce risk. Finally, you can succinctly explain to management the risk of accepting non-compliance, or of applying stricter compliance than recommended, in terms of the customer’s mission.

A key part of your responsibilities will be to help drive organizational efforts to shift from compliance-based methods to a risk management framework. You will work with the customer to operationalize the organization’s security framework, with an emphasis on risk-based assessments and security control implementation (e.g., risk trade-offs).

This position would operate under a temporary telework policy per current Federal Government and Departmental mandates. Under normal circumstances, the work is located at a metro accessible (two-block walk) client location in Washington, DC with telework options once established. No travel outside the DC metro area is anticipated.

What You Will Get to Do:

  • Be a key member on a team of risk, cyber, and IT specialists.

  • Solve complex IT, cyber, and risk challenges.

  • Assist in operationalizing the organization from compliance-based to risk-based (NIST SP 800-37; NIST RMF).

  • Support the Department in improving its overall cybersecurity posture.

  • Drive maturation strategies to adequately protect the Department’s information, information technology assets, and associated business processes.

  • Assess the enterprise IT environment and demonstrate how IT security controls are meeting requirements while reducing risk.

  • Assist in identifying and reporting on security risks and vulnerabilities.

  • Apply your experience to collaborate with various stakeholders on IT security control selection and implementation.

  • Consult with stakeholders to develop strategies and policies with significant consideration for risk reduction while remaining in alignment with FISMA requirements.

  • Assist in the collection, analysis, and reporting of security measures to support decisions regarding the Department’s cybersecurity posture and continuous improvement.

  • Update the Shared Services and Enterprise Cybersecurity Security Controls Requirements Matrix to reflect new risk-based security paradigms.

  • Support the review, development, and implementation of critical strategies and documentation such as:

    • Infrastructure Operations Cybersecurity Framework

    • Business Continuity Plans

    • Incident Response Plans

    • Disaster Recovery Plan

    • Continuity of Operations Plan

    • Cyber Conditions Operating Procedures

    • Security Assessment and Authorization documents/packages

  • Interact with leadership and staff across the Department and its Bureaus.

  • Support data calls and prepare technical reports and high-level summaries for senior management.

You Will Bring These Qualifications:

  • U.S. Citizen (mandatory).

  • Located in the Washington, DC metro area, or willing to relocate to DC (mandatory).

  • Ability to obtain and maintain a High Public Trust (Tier 4 / BI) clearance (mandatory); an active DoD security clearance (Secret / Top Secret) is desired but not required.

  • At least 8 years’ experience in cybersecurity-related technical functions, especially IT security controls applied under risk-based methodologies (mandatory).

  • Minimum of a bachelor’s degree (prefer Master’s degree) in Risk Management, IT Security, Cybersecurity, or related IT fields (mandatory).

  • Preferred certifications: cybersecurity or IT security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or a comparable professional certification.

  • An understanding of how to go beyond FISMA compliance and apply risk-based methodologies such as the NIST RMF.

  • Operations/technical experience in IT services, operations, or infrastructure.

  • Comprehensive understanding of IT security controls from the operations side.

  • Strong communication, organization, and time-management skills.

  • Ability to develop and present reports and findings.

  • Experience working with senior-level management.


What We Can Offer You:

Hill Associates offers a comprehensive, total rewards package, including competitive compensation and a flexible benefits package. We are an affirmative action and equal opportunity employer committed to creating a diverse and supportive workplace. Employment decisions will be made without regard to race, color, religion, sex, age, national origin, military status, veteran status, handicap, physical or mental disability, sexual orientation, gender identity, genetic information or other characteristics protected by law. All information you provide will be kept confidential. Please contact Hill Associates at 202-656-6505 or via email at