78 Risk Analyst jobs in Ashburn

Technical Risk Analyst

A top Fortune 50 financial institution is currently seeking a Technical Risk Analyst to support internal controls and risk assessment functions within their enterprise risk and compliance organization. This individual will play a key role in evaluating technical and operational controls, driving risk mitigation strategies, and supporting audit readiness across key asset and system functions.

About the Opportunity:
• Hybrid: 2x a week onsite minimum - must be local to Vienna, VA or Pensacola, FL
• Schedule: Monday-Friday
• Shift: Standard business hours
• Setting: Internal Risk / Audit / IT Controls

Responsibilities:
The Technical Risk Analyst will be responsible for:
• Evaluating and enhancing internal control frameworks, including alignment with COSO principles
• Conducting detailed risk assessments and testing control effectiveness
• Ensuring compliance with internal policies and regulatory requirements
• Collaborating with security, internal risk, and audit teams to address asset-related risk
• Supporting the remediation of control gaps and the implementation of corrective actions
• Preparing audit-ready documentation and reports
• Leveraging ERP systems and asset tracking tools for control monitoring and reporting

Qualifications:
• 5+ years of experience in technical risk analysis, internal controls, or audit
• Bachelor's degree in Information Systems, Accounting, Finance, or related field
• Deep knowledge of control frameworks (e.g., COSO) and risk management practices
• Experience with ERP systems and asset tracking tools
• Strong analytical and critical thinking skills
• Excellent communication and documentation skills
• Ability to work independently and prioritize tasks in a fast-paced environment

Desired Skills:
• Relevant certifications such as CISA, CRISC, or CIA
• Prior experience in a large financial institution or regulated industry
• Familiarity with IT risk tools and technologies
• Strong collaboration and stakeholder engagement skills

Technical Risk Analyst

Vienna, VA – hybrid (2 days a week onsite)

Multiyear Contract

W2 or C2C

We are seeking a highly skilled individual with expertise in internal controls and risk assessment.

Responsibilities:

• The ideal candidate will be responsible for evaluating existing control frameworks, conducting detailed risk assessments, testing control effectiveness (with precision as a focus), and ensuring compliance with internal policies and external regulations.

• A strong understanding of internal control frameworks such as COSO, along with experience in asset protection and fraud prevention, is essential.

• The contractor will work cross-functionally with security, other internal risk offices, and audit teams to ensure asset-related controls are integrated into the broader risk management strategy.

• Responsibilities also include preparing audit-ready documentation and supporting the implementation of corrective actions.

• Proficiency in ERP systems and asset tracking tools is highly desirable, along with excellent analytical, communication, and project management skills.

• This role is ideal for a detail-oriented professional who can operate independently and deliver high-impact results in a dynamic environment.

#M2

#DI-VH1

Ref: #850-Rockville (ALTA IT)

System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

Job Title: Business Risk Analyst
Location: Vienna, VA
Type: Contract
Contractor Work Model: Remote
Role:
A Business Risk Analyst analyzes business processes and risks to develop strategies for mitigating risks and improving operational efficiency.
1. Expertise in risk assessment and business analysis methodologies
2. Proficiency in data analysis and visualization tools (e.g., Excel)
3. Strong understanding of regulatory requirements and risk frameworks
4. Excellent problem-solving and critical-thinking abilities
5. Effective communication and stakeholder management skills
Description:
To perform research and analysis of the organization's

Technical Risk Analyst
Vienna, VA - hybrid (2 days a week onsite)
Multiyear Contract
W2 or C2C
We are seeking a highly skilled individual with expertise in internal controls and risk assessment.
Responsibilities:
- The ideal candidate will be responsible for evaluating existing control frameworks, conducting detailed risk assessments, testing control effectiveness (with precision as a focus), and ensuring compliance with internal policies and external regulations.
- A strong understanding of internal control frameworks such as COSO, along with experience in asset protection and fraud prevention, is essential.
- The contractor will work cross-functionally with security, other internal risk offices, and audit teams to ensure asset-related controls are integrated into the broader risk management strategy.
- Responsibilities also include preparing audit-ready documentation and supporting the implementation of corrective actions.
- Proficiency in ERP systems and asset tracking tools is highly desirable, along with excellent analytical, communication, and project management skills.
- This role is ideal for a detail-oriented professional who can operate independently and deliver high-impact results in a dynamic environment.
#M2
#DI-VH1
Ref: #850-Rockville (ALTA IT)
System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.
System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

Security Clearance: TS/SCI

Location: Reston, VA

Key Role:

As an information security risk specialist on our team, you'll use your experience to work with system owners and administrators to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You'll review technical and personnel details from SMEs and engineers to assess the entire threat landscape. Then, you'll guide your client through a plan of action with presentations, whitepapers, and milestones.

Basic Qualifications :

• 3 years of experience working in a professional IT environment
• 3 years of experience in cybersecurity and A&A supporting DoD environments
• Experience leading DoD ATO packages, performing Assessment and Authorization (A&A) and RMF, and conducting risk assessments for DoD systems hosted in AWS, Azure, or hybrid cloud environments
• Experience performing technical evaluations and security control assessments in cloud-native and containerized environments
• Experience interfacing with engineering teams to align DevSecOps pipelines with cybersecurity policies
• Experience with compliance testing tools such as ACAS, SCAP, STIGs or SRGs, eMASS, and Xacta
• Experience with NIST SP 800-53, CNSSI 1253, and artifact generation, SSPs, POA&Ms, SAPs, risk assessments, and continuous monitoring
• Security DoD 8570 Level II Certification

Additional Qualifications:

• Experience with DevSecOps, Path-to-Production, and CI/CD
• Experience administering Red Hat Enterprise Linux 8 or Windows Server 2012 or higher
• Experience with cloud tools and container orchestration security
• Knowledge of STIG and compliance scans
• Ability to advise stakeholders on cloud security strategies, container orchestration security such as Kubernetes and Rancher, and platform hardening
• Possession of excellent verbal and written communication skills
• Bachelor's degree in Cybersecurity or IT

What You'll Love About Apogee

• Challenging work in support of US Intel Community - a Mission that Matters!
• Access to our cool ApogeePlex facility.
• Support for new ideas & encouragement to take risks
• Professional Development Assistance (PDA)
• Wicked smart and collaborative coworkers
• Regular interfacing with company leadership
• 401(k) with huge company match
• Paid Time Off / Floating Holidays
• Medical, Dental, Vision
• Life Insurance
• Disability (Short and Long Term)
• Accidental Death and Dismemberment (AD&D)
• Health Savings Accounts / Dependent Care Flexible Spending Accounts

Apogee's Mission

• Be the PROVIDER of choice for government & commercial organizations with an unwavering commitment to responsiveness, accuracy, integrity, collaboration, and innovation.
• Be the EMPLOYER of choice committed to an open & transparent corporate atmosphere and progressive culture that attracts and empowers world class professionals to explore cutting-edge technical solutions while fostering professional growth.
• Be the preferred SOURCE for cutting-edge Analytic Products, Systems & Software Engineering, Big Data Integration, IT and Business Services that directly contribute to customer success

Apogee Integration is an Equal Opportunity Employer

**Overview**
**Cyber Risk Analyst, Mid**
**Location & Travel:** Reston, Va
**Travel:** None
**Clearance Requirement:** TS/SCI
Intelligent Waves is seeking a **Cyber Risk Analyst** to partner with system owners and administrators in identifying cyber risks, interpreting applicable policies, and developing effective mitigation strategies. In this role, you will evaluate technical data and personnel input from SMEs and engineers to assess the full threat landscape. You will then translate those findings into actionable plans-delivering clear guidance through presentations, whitepapers, and defined milestones.
Additionally, this position affords you the opportunity to act as an Information Security SME while broadening your skills in DevSecOps and cloud Security.
Intelligent Waves delivers mission-focused multi-domain operational expertise and innovation to the Government through high-impact technology solutions in cybersecurity, data science, enterprise network & systems engineering, software development, and cognitive human performance.
**_ANYTIME. ANYWHERE. ANY DOMAIN._**
Since 2006, we have proudly served federal agencies including the Department of Defense. Our ability to operate globally in a wide range of environments, coupled with our deep understanding of customer needs and requirements, enables us to provide cost-effective solutions to support the most complex missions.
**Adherence to all customer site protocols is mandatory for employees.**
**Responsibilities**
**Vulnerability Analysis**
+ Identify and assess vulnerabilities across IT systems, networks, and business processes to proactively address potential weaknesses.
**Risk Mitigation**
+ Develop and implement effective mitigation strategies to reduce or eliminate identified security risks.
**Framework Alignment**
+ Ensure security practices remain compliant with established standards and frameworks (e.g., NIST, ISO).
**Risk Assessments**
+ Conduct comprehensive assessments to evaluate potential threats and vulnerabilities, strengthening overall security posture.
**Collaboration**
+ Work closely with system engineers and technical teams to design and maintain resilient, secure environments.
**Qualifications**
**Required Qualifications**
+ Active **TS/SCI security clearance**
+ **Security+ (DoD 8570 Level II) certification**
+ 3+ years of professional IT experience
+ 3+ years of cybersecurity and Assessment & Authorization (A&A) experience supporting DoD environments
**Technical Expertise**
+ Proven experience leading **DoD ATO packages** , including A&A, RMF processes, and risk assessments for systems hosted in **AWS, Azure, or hybrid cloud environments**
+ Hands-on experience performing **technical evaluations** and **security control assessments** in **cloud-native** and **containerized environments**
+ Experience collaborating with engineering teams to ensure **DevSecOps pipelines** align with cybersecurity policies and frameworks
+ Proficiency with compliance and assessment tools such as **ACAS, SCAP, STIGs/SRGs, eMASS, and Xacta**
+ Strong knowledge of **NIST SP 800-53, CNSSI 1253** , and related documentation, including development of **SSPs, POA&Ms, SAPs, risk assessments,** and continuous monitoring artifacts
**Additional (Desired) Qualifications:**
+ Experience with DevSecOps, Path-to-Production, and CI/CD 
+ Experience administering Red Hat Enterprise Linux 8 or Windows Server 2012 or higher 
+ Experience with cloud tools and container orchestration security
+ Knowledge of STIG and compliance scans
+ Ability to advise stakeholders on cloud security strategies, container orchestration security such as Kubernetes and Rancher, and platform hardening
+ Possession of excellent verbal and written communication skills
+ Bachelor's degree in Cybersecurity or IT
**Benefits**
Intelligent Waves offers a generous benefits package including medical, dental, vision, paid PTO, life and disability insurance. We invest in our employees' futures by contributing with vesting starting from DAY 1, technical training, tuition bonuses, and much more.
**Clearance Statement**
Applicants selected for this position will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Only U.S. citizens are eligible for a security clearance. For this position, Intelligent Waves will consider only applicants with current security clearances or those eligible to obtain one.
**Equal Employment Opportunity**
Intelligent Waves LLC is an equal opportunity employer. We are committed to providing equal opportunity to all applicants and employees in full compliance with all applicable state and federal laws prohibiting discrimination based on race, color, age, sex, religion, national origin, disability, military and/or veteran status, or any other class protected by applicable state or federal law.
As an Affirmative Action and Equal Opportunity Employer, Intelligent Waves is committed to the full inclusion of all qualified candidates and employees. If you need reasonable accommodations for any part of the application or interview process, or to perform essential job functions, please contact .
**A Veteran-Friendly Organization**
**#IW**
**#CJ**
**Job Locations** _US-VA-Reston_
**Job ID** _ _
**Category** _Cybersecurity_
**Employment Type** _Regular Full-Time_
**Travel** _None_
**Remote** _No Remote Work_

Security Clearance: Active TS/SCI

Location: Reston, VA

Position

As an information security risk specialist on our team, you'll use your experience to work with system owners and administrators to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You'll review technical and personnel details from SMEs and engineers to assess the entire threat landscape. Then, you'll guide your client through a plan of action with presentations, whitepapers, and milestones. If you live and breathe Cybersecurity, then you'll love Apogee and this position!

Required

• 3+ years of experience working in a professional IT environment
• 3+ years of experience in cybersecurity and A&A supporting DoD environments
• Experience leading DoD ATO packages, performing Assessment and Authorization (A&A) and RMF, and conducting risk assessments for DoD systems hosted in AWS, Azure, or hybrid cloud environments
• Experience performing technical evaluations and security control assessments in cloud-native and containerized environments
• Experience interfacing with engineering teams to align DevSecOps pipelines with cybersecurity policies
• Experience with compliance testing tools such as ACAS, SCAP, STIGs or SRGs, eMASS, and Xacta
• Experience with NIST SP 800-53, CNSSI 1253, and artifact generation, SSPs, POA&Ms, SAPs, risk assessments, and continuous monitoring
• Security+ DoD 8570 Level II Certification

Additional Qualifications

• Experience with DevSecOps, Path-to-Production, and CI/CD
• Experience administering Red Hat Enterprise Linux 8 or Windows Server 2012 or higher
• Experience with cloud tools and container orchestration security
• Knowledge of STIG and compliance scans
• Ability to advise stakeholders on cloud security strategies, container orchestration security such as Kubernetes and
• Rancher, and platform hardening
• Possession of excellent verbal and written communication skills
• Bachelor's degree in Cybersecurity or IT

What You'll Love About Apogee

• Challenging work in support of US Intel Community - a Mission that Matters!
• Access to our cool ApogeePlex facility
• Support for new ideas & encouragement to take risks
• Professional Development Assistance (PDA)
• Wicked smart and collaborative coworkers
• Regular interfacing with company leadership
• 401(k) with huge company match
• Paid Time Off / Fixed & Floating Holidays
• Medical, Dental, Vision
• Health Savings Accounts / Dependent Care Flexible Spending Accounts
• Life Insurance, Disability (Short and Long Term), Accidental Death and Dismemberment (AD&D)

Apogee's Mission

• Be the PROVIDER of choice for government & commercial organizations with an unwavering commitment to responsiveness, accuracy, integrity, collaboration, and innovation
• Be the EMPLOYER of choice committed to an open & transparent corporate atmosphere and progressive culture that attracts and empowers world class professionals to explore cutting-edge technical solutions while fostering professional growth
• Be the preferred SOURCE for cutting-edge Analytic Products, Systems & Software Engineering, Big Data Integration, IT and Business Services that directly contribute to customer success

Apogee Integration is an Equal Opportunity Employer

**Job Description**
We're on a journey to advance how health happens with technologies that support clinicians, inspire innovation, empower patients, and save lives. Our mission? To create a human-centric healthcare experience powered by unified global data.
It's a big challenge, but big challenges are what we do best. We're already transforming some of the world's largest health systems-helping them turn data into lifesaving decisions and better patient care.
We want people just as dedicated as we are making history with the advancement of Federal Healthcare systems. If you're excited about making healthcare more human, you've come to the right place.
Oracle Health Government Services is seeking a skilled Federal Program Manager to join our mission-driven organization. In this role, you will be responsible for leading program activities and ensuring successful delivery across Oracle's risk management framework.
The ideal candidate will have a solid understanding of federal contracting rules and regulations and be comfortable operating within a highly regulated environment. You will collaborate with cross-functional teams-both internal stakeholders and client partners-so familiarity with systems development life cycle (SDLC) methodologies, business process re-engineering, and program management best practices is essential for applying our risk management framework.
The responsibilities for this role include:
+ **Data analysis.** Analyzing data to formulate risk and issue identification for effective mitigation management.
+ **Forecasting trends.** Reviewing task order scope to proactively identify potential risks and issues based on data from previous deployments.
+ **Risk Strategy.** Partner with Task Order Owners to help formulate risk mitigation and issue resolution strategies to reduce the probability and impact of thematic risks across scope, schedule, and cost
+ **Risk Management.** Manage a portfolio of risks and issues for one to two concurrent task orders focused on the following:
+ **Risk and Issue Tracking.** Ensure risks and issues are tracked in the appropriate tools and ensure the risk/issue task order portfolio is up to date.
+ **Risk and Issue Reporting.** Ensure all risk reporting (client deliverables and internal deliverables) is timely, accurate, and complete.
+ **Risk and Issue Controls.** In partnership with Task Order Owners, establish weekly/bi-weekly review meetings to review the risk portfolio status.
+ **Continuous improvement.** Periodically review Oracle Health's risk management framework, processes, tools, and policies and offer improvements to increase efficiency, improve scalability, and reduce cost.
**Responsibilities**
The qualifications for this role include:
+ Six to eight years of large-scale program and project management.
+ Prior project team leadership or management experience.
+ Comfortable working in a matrix management environment with multiple stakeholders.
+ Strong communication skills with internal stakeholders, external stakeholders, clients, and vendors.
+ Undergraduate degree strongly preferred.
+ PMP credential from PMI strongly preferred.
+ Ability to travel up to 20%
Disclaimer:
**Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.**
**Range and benefit information provided in this posting are specific to the stated locations only**
US: Hiring Range in USD from: $79,100 to $158,200 per annum. May be eligible for bonus and equity.
Oracle maintains broad salary ranges for its roles in order to

**Job Description**
We're on a journey to advance how health happens with technologies that support clinicians, inspire innovation, empower patients, and save lives. Our mission? To create a human-centric healthcare experience powered by unified global data.
It's a big challenge, but big challenges are what we do best. We're already transforming some of the world's largest health systems-helping them turn data into lifesaving decisions and better patient care.
We want people just as dedicated as we are making history with the advancement of Federal Healthcare systems. If you're excited about making healthcare more human, you've come to the right place.
Oracle Health Government Services is seeking a skilled Federal Program Manager to join our mission-driven organization. In this role, you will be responsible for leading program activities and ensuring successful delivery across Oracle's risk management framework.
The ideal candidate will have a solid understanding of federal contracting rules and regulations and be comfortable operating within a highly regulated environment. You will collaborate with cross-functional teams-both internal stakeholders and client partners-so familiarity with systems development life cycle (SDLC) methodologies, business process re-engineering, and program management best practices is essential for applying our risk management framework.
The responsibilities for this role include:
+ **Data analysis.** Analyzing data to formulate risk and issue identification for effective mitigation management.
+ **Forecasting trends.** Reviewing task order scope to proactively identify potential risks and issues based on data from previous deployments.
+ **Risk Strategy.** Partner with Task Order Owners to help formulate risk mitigation and issue resolution strategies to reduce the probability and impact of thematic risks across scope, schedule, and cost.
+ **Risk Management.** Manage a portfolio of risks and issues for multiple, concurrent task orders focused on the following:
+ **Risk and Issue Tracking.** Ensure risks and issues are tracked in the appropriate tools and ensure the risk/issue task order portfolio is up to date.
+ **Risk and Issue Reporting.** Ensure all risk reporting (client deliverables and internal deliverables) is timely, accurate, and complete.
+ **Risk and Issue Controls.** In partnership with Task Order Owners, establish weekly/bi-weekly review meetings to review the risk portfolio status.
+ **Continuous improvement.** Periodically review Oracle Health's risk management framework, processes, tools, and policies and offer improvements to increase efficiency, improve scalability, and reduce cost.
+ **Internal strategy** . In partnership with Oracle Health risk leadership, contribute towards the internal strategy and ways of working (e.g. RACI) for successful management of the risk function.
+ **Mentorship.** Provide mentorship to other risk analysts though informal coaching and support.
**Responsibilities**
The qualifications for this role includes:
+ Eight to ten years of large-scale program and project management.
+ Prior project team leadership or management experience.
+ Comfortable working in a matrix management environment with multiple stakeholders.
+ Strong communication skills with internal stakeholders, external stakeholders, clients, and vendors.
+ Undergraduate degree strongly preferred. Masters Degree a plus.
+ PMP credential from PMI strongly preferred.
+ Ability to travel up to 20%
Disclaimer:
**Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.**
**Range and benefit information provided in this posting are specific to the stated locations only**
US: Hiring Range in USD from: $87,000 to $178,100 per annum. May be eligible for bonus and equity.
Oracle maintains broad salary ranges for its roles in order to