Back to all jobs

Information Security Risk Specialist

Booz Allen

Oct 21

Information Security Risk Specialist

The Challenge

As an Information Security Risk Specialist on our team, you'll use your experience to work with the VA (Veterans Affairs) to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You'll review technical, environmental, and personnel details to assess the entire threat landscape. Then, you'll guide your client through a plan of action with presentations, white papers, and milestones. You'll work with your client to translate security concepts so they can make the best decisions to secure their mission critical systems and critical infrastructure. This is your opportunity to act as an information security subject matter expert while broadening your skills in Risk Management Framework and NIST Security and Privacy controls. Join us as we protect the VA systems and data and provide a safer cyber environment for veteran's healthcare. This position is open to remote delivery anywhere within the U.S., including the District of Columbia.

You Have: 

  • Experience with NIST special publications, specifically RMF and NIST security controls and their requirements 

  • Experience in information security and assurance principles

  • Experience with being able to assist efforts involving presentations, white papers, and project milestones

  • Experience in assessing NIST security and privacy controls and maintaining Plans of Action and Milestones (POA&Ms) 

  • Experience in providing guidance for understanding the NIST security and privacy controls and for providing sufficient documentation for each control within a tool, including eMASS or RiskVision

  • Experience in reviewing security requirements and recommending a mitigation strategy for deficiencies

  • Experience with GRC (Governance Risk Compliance) tools, including eMASS or RiskVision and system documentation, reporting, and performing risk analysis and vulnerability assessments 

  • Experience with performing annual security reviews in accordance with FISMA reporting 

  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements

  • HS diploma or GED and 13+ years of experience with IT or Bachelor’s degree in CS, IT, or Engineering and 5+ years of experience with IT

 Nice If You Have: 

  • Experience utilizing data analytical tools, including MS Excel 

  • Experience working directly with clients to provide solutions and education

  • Experience with VA 

  • Ability to work flexibly in a very fast-paced environment 

  • Possession of excellent customer service and organization skills 

  • Possession of excellent verbal and written communication skills 

  • CAP, CISSP, CISM, PMP, or CCSK Certification


Applicants selected may be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.


The proposed salary range for this position in Colorado is $85,000 to $103,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

  • Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.