Halfaker and Associates, an award-winning high growth small business, creates innovative and customer-centric technology solutions in the areas of Digital Services, Data Analytics, Cyber Security and Cloud Services to improve the health, security and well-being of all Americans. Our commitment to excellence and our vision to “Continue to Serve” has resulted in steady growth and an expanding client base across government agencies in the health, defense, security and intelligence sectors. Our strong focus on internal culture has helped Halfaker achieve several workplace awards including Great Place to Work Certification™ and Tampa Bay Top Workplaces. Headquartered in Arlington, VA, we have employees nationwide. Please take a moment to browse through our website and learn more about what it means to serve with Halfaker.
Halfaker has an opening for a SECURITY RISK ANALYST to join our talented, dynamic team. The key responsibilities for this position include:
- Performs technical risk assessments of security, operational controls and processes, and Systems based of NIST Cybersecurity Framework, NIST 800-171, HIPAA, CMMC, ISO 27001
- Manipulates, correlates, and discovers patterns and relationships of large and complex data
- Experience in extracting data from a variety of servers, data types, and data structures and automating tasks
- Executing data analytics procedures for continuous monitoring of risk and performing risk assessments
- Provide mitigation plans to address deficiencies derived from risk assessments
- Performs technical security risk assessments for key projects (CMMC, ISO, etc.), new functionality, and products
- Performs security risk assessments in support of Supply Chain Risk Management Program
- Develops and issues ad-hoc security risk dashboards and reports for internal stakeholders and participate in the completion of customer-requested risk assessments
- Identifies opportunities to improve the efficiency of IT and operational processes within the functional areas being assessed
- Stays abreast of developments in the Information Technology industry specifically as they relate to Risk Management
- Maintains proper documentation for Halfaker Standards, Policies and Procedures as they relate to IT
Required Skills
- Working knowledge of GRC platforms (Ex. KnowB4, Archer, Compliance360, etc.)
- Expertise with data analytics, business intelligence and visualization tools (Ex. Excel, Python, SQL, ACL Analytics, Power BI, Spotfire)
- Knowledge of threat modeling or other risk identification techniques, system security vulnerabilities and remediation techniques
- Ability to deal with changing priorities and multi-task several projects
- Strong Project Management and Time Management Skills
- Ability to translate and communicate technical risk into business risk
- Experience implementing security management solutions and creating detailed documentation
- Excellent presentation and communication skills
- Excellent Technical and business writing skills
Required Experience
- Bachelor's degree in Information Security, Risk Management preferred
- 4 years of experience in Information Technology field, with at least 2 years working in Information Security, Risk Management, IT Audit or Compliance
- Experience with IT control frameworks such as ITIL, CMMC, NIST, and ISO.
- Experience with regulatory standards and compliance requirements for HIPAA, HITECH, GDPR
Halfaker and Associates, LLC, is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/ Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required for most positions.