At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
We are seeking a proactive and experienced Cyber Risk Management Analyst with a strong background in Third Party Cyber Risk Management (TPCRM). If you are a collaborative thought leader who is passionate about protecting large enterprises from cyber threats and accustomed to working in dynamic environments, we want to hear from you! This is a remote position to be performed from within the United States. U.S. Citizenship and the ability to obtain a Public Trust are required.
What You’ll Do
- Drive the design, development, implementation, and continuous improvement of third-party cyber risk management strategies and practices across public and private sectors.
- Champion and oversee Third Party Cyber Risk Management (TPCRM) best practices and policies.
- Implement and adapt industry-standard cybersecurity frameworks (e.g., ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, CIS 18, Zero Trust Principles, FedRAMP).
- Conduct supply chain risk assessments using recognized audit reports (e.g., SOC 2 Type II) and questionnaire responses.
- Collaborate with cross-functional leadership and stakeholders, particularly in supply chain management, to communicate third-party risk management strategies, activities, and identified risks.
- Utilize third-party risk assessment platforms (e.g., Process Unity GRX) and risk management platforms (e.g., Diligent RSAM).
- Review and make recommendations for policy and process updates, ensuring alignment with organizational risk requirements.
- Lead and mentor diverse teams with varying levels of subject matter expertise.
- Prioritize and manage multiple concurrent projects to ensure timely completion.
- Produce high-quality technical documentation and reports.
- Engage in continuous learning to expand personal knowledge and upskill team members.
Required: Education + Experience
- 3+ years of experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols.
- Familiarity with third-party risk assessment platforms (e.g., Process Unity GRX) and risk management platforms (e.g., Diligent RSAM).
- Familiarity with cyber risk assessment and management frameworks, methodologies, and reporting, including the use of recognized audit reports (e.g., SOC 2 Type II) and questionnaire responses.
- Strong understanding and practical experience in adapting and implementing industry-standard cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, CIS 18, Zero Trust Principles, FedRAMP).
- Excellent communication skills to effectively engage with cross-functional leadership and stakeholders, particularly in supply chain management regarding third-party risk management strategies and activities.
- Experience in managing and instructing diverse teams with varying levels of subject matter expertise.
- Strong organizational skills to manage competing priorities and ensure timely completion of projects.
- Technical Writing Skills: Proficient in producing high-quality technical documentation and reports.
Security Clearance
- U.S. Citizenship required
- Ability to obtain Public Trust (or higher) government clearance
Preferred
- Bachelor’s degree in Computer Science, Information Technology or Information Security or other relevant disciplines.
- Public and Private Sector Experience
- Familiarity with CyberGRX (now Process Unity GRX) and Diligent RSAM
- Proximity to customer locations in the DMV (DC, MD, or VA) Metro area or Raleigh/Durham, NC is ideal.
Preferred Certifications
- CRISC - Certified in Risk and Information Systems Control
- CISSP - Certified Information Systems Security Professional
- CCSK - Certificate of Cloud Security Knowledge, or CCSP - Certified Cloud Security Professional
- CISA - Certified Information Systems Auditor
- CISM - Certified Information Security Manager
Who You Are
A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
Intellectually curious with a genuine desire to learn and advance your career.
An effective communicator, both verbally and in writing.
Customer service-oriented and mission-focused.
Critical thinker with excellent problem-solving skills.
If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Are
phia, LLC is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time employees:
Comprehensive medical insurance to include dental and vision
Short Term & Long-Term Disability
401k Retirement Savings Plan with Company Match
Tuition and Professional Development Assistance
Flexible Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.