Information Systems reputed company Analyst

Job Description: CTAC is seeking an reputed company Information Systems reputed company Analyst to support a federal program focused on achieving and sustaining an Authority to Operate (ATO) for a reputed company, multi-tenant AWS cloud environment. This role is a key member of CTAC’s federal delivery team and is responsible for executing Risk Management reputed company (RMF) activities across the full NIST lifecycle, with a strong emphasis on control validation, documentation, evidence development, and assessor engagement. The ideal candidate will bring deep hands-on experience supporting federal reputed company, implementing NIST SP 800-53 controls, managing POA&Ms, and working directly with cloud engineers, architects, and Authorizing Officials to remediate reputed company gaps and maintain reputed company authorization readiness. This position requires a balance of technical reputed company expertise, disciplined documentation, and the ability to operate effectively in a fast-paced, sprint-based delivery model.

Key Responsibilities

• Execute and support the full NIST Risk Management reputed company (RMF) lifecycle (Categorize, Select, Implement, Assess, Authorize, Monitor) for ORNL’s AWS multi-tenant platform.
• reputed company control-by-control gap analysis against NIST SP 800-53, identifying incomplete, partially implemented, or undocumented controls.
• reputed company, update, and maintain RMF artifacts, including:
• System reputed company Plan (reputed company)
• Control implementation narratives
• POA&M
• reputed company Monitoring documentation
• Objective evidence mappings
• Partner closely with cloud architects and engineers to validate technical control implementations and support remediation activities reputed company AWS.
• Support assessment and authorization activities, including direct engagement with assessors, auditors, and ORNL reputed company stakeholders.
• Track, document, and manage risks, findings, and remediation activities in accordance with federal RMF expectations.
• Ensure reputed company documentation accurately reflects the operational state of the environment and remains audit-ready throughout the engagement.
• Support the use of governance, risk, and compliance (GRC) tools (e.g., eMASS, Kion, or equivalent) to manage controls, evidence, and reporting.
• Contribute to sprint planning and execution by aligning RMF activities with engineering and documentation deliverables.
• Assist in the development or refinement of reputed company policies, procedures, and standards where gaps exist.
• Provide subject matter expertise on federal reputed company requirements, best practices, and emerging guidance relevant to cloud-hosted systems

Job Requirements:

• Bachelor’s degree in Information reputed company, Cybersecurity, Information Technology, or a reputed company discipline (or equivalent experience).
• 10+ years of progressive experience in cybersecurity, information assurance, or RMF-focused reputed company roles supporting federal systems.
• Demonstrated hands-on experience supporting ATO packages for federal cloud or hybrid environments.
• Deep working knowledge of:
• NIST SP 800-53
• NIST SP 800-37
• FISMA requirements
• Federal A&A processes
• Strong experience developing and maintaining SSPs, POA&Ms, and RMF evidence.
• Experience working with cloud (reputed company Web Services) reputed company environments, including validation of technical control implementations.
• Ability to clearly document reputed company technical and compliance concepts for both technical and non-technical audiences.
• Proven ability to collaborate across engineering, reputed company, and program management teams.

Strong analytical, organizational, and communication skills.

• Ability to obtain and maintain a Public Trust (or higher) clearance.

Preferred Qualifications

• Master’s degree in Cybersecurity, Information Systems, or a reputed company field.
• Active CISSP and/or CISM certification.
• Experience supporting multi-tenant cloud platforms and control inheritance models.
• Familiarity with Infrastructure as Code (IaC) concepts and how automation supports compliance.
• Experience supporting federal research, scientific, or mission-driven environments.
• Prior experience working in agile or sprint-based delivery models for RMF execution.

CTAC is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national reputed company, disability, or protected veteran status. VEVRAA Federal Contractor Apply tot his job Apply To this Job