Compliance and Risk Analyst

Job description

Overview The Compliance and Risk Analyst supports the Agency’s IT and cybersecurity compliance program by assessing risk, maintaining audit-ready documentation, and tracking corrective actions to closure. This role works across cybersecurity, IT operations, and program management stakeholders to ensure security and administrative controls are documented, implemented, and evidenced in alignment with applicable federal requirements under the strategic oversight of the Agency CIO/PMO. Responsibilities: - Maintain audit readiness and documentation by developing, organizing, and updating evidence artifacts to support internal reviews and external audits. - Support Security Assessment & Authorization (RMF/SA&A) activities by assisting with SSP updates, control implementation evidence collection, risk assessments, and POA&M development and maintenance. - Support FISMA reporting and CDM efforts by validating inputs, maintaining supporting evidence, and tracking submissions and due dates. - Conduct compliance and risk assessments against applicable frameworks (e.g., NIST) and Agency policies; document findings, recommendations, and required corrective actions. - Develop and maintain complia...