
Cybersecurity Risk Analyst

Job in Cambridge, Middlesex County, Massachusetts, 02140, USA
Listing for: Draper
Full Time position
Listed on 2026-06-25
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 82300 - 220000 USD Yearly
Job Description & How to Apply Below
Overview:

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation.

For more information about Draper, visit  Description

Summary:

The Cybersecurity Risk Analyst is a member of Draper’s Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes to the Cybersecurity Risk Management team in applying contractual and regulatory requirements, including DFARS and CMMC, to Draper’s unclassified computing environments. This team serves as the Governance Risk and Compliance (GRC) tool product owner, performs compliance and risk analyses, develops policy, procedures, and standards, and partners closely with peer IT, security, and engineering teams to ensure compliance and risks are appropriately managed throughout the organization.

Job Description:

Duties/Responsibilities

Serve as a subject matter expert for cybersecurity risk management and compliance frameworks including NIST SP 800-171/53, DAAPM, CMMC, RMF

Lead CMMC compliance and certification efforts to conduct gap assessments against CMMC requirements, develop and manage remediation plans, support audit readiness and interface with assessors, and ensure ongoing compliance with DFARS and CUI protection requirements

Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives

Perform risk assessments, vulnerability analysis, and compliance reviews using tools such as ServiceNow IRM, Nessus, Splunk

Conduct continuous monitoring of security controls

Deliver reports and recommendations to executive leadership on risk posture, compliance status, and emerging threats

Serve as a trusted cybersecurity advisor across the organization

Develop and promote processes and procedures to analyze and assess cybersecurity risks across an enterprise environment

Skills/Abilities

Technical and functional experience in the domain of Governance, Audit, Risk Management and Regulatory Compliance.

Understanding of risk assessment methodologies, frameworks, and procedures, and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations.

Ability to read, understand, and apply government regulation (FAR, DFARS).

Strong working knowledge of NIST SP 800-171, NIST SP 800-53, CMMC, NIST Risk Management Framework (RMF), FedRAMP

Knowledge of CUI and the control sets and documentation necessary for adherence to CUI management and safekeeping.

Ability to develop organizational cybersecurity policy, procedures, standards, and guidelines

Ability to think strategically about security risks and tie those to tactical organizational activities and goals.

Ability and experience developing and maintaining System Security Plans and associated artifacts, such as Plans of Action & Milestones, Risk Assessment Report, and Continuous Monitoring Strategy

A thorough knowledge of risk assessment methodologies, such as NIST SP 800-30, Factor Analysis of Information Risk (FAIR), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), or other risk assessment practices

Education

Bachelor’s degree in Information Systems, Cybersecurity, or related field (or equivalent experience)

Experience

4 years of cybersecurity and IT experience, including compliance, risk management, and assessment roles.

Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities preferred.

Ability to obtain a Secret clearance is required.

Additional Job Description:

Applicants selected for this position will be required to obtain and maintain a government security clearance.

Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities,…