Compliance and Risk Analyst

Compliance and Risk Analyst

Job Location:

US-NM-Albuquerque

Job : , Category:
Information Technology, Type:
Full Time.

The Compliance and Risk Analyst supports the Agency's IT and cybersecurity compliance program by assessing risk, maintaining audit‑ready documentation, and tracking corrective actions to closure. This role works across cybersecurity, IT operations, and program management stakeholders to ensure security and administrative controls are documented, implemented, and evidenced in alignment with applicable federal requirements under the strategic oversight of the Agency CIO/PMO.

• Maintain audit readiness and documentation by developing, organizing, and updating evidence artifacts to support internal reviews and external audits.
• Support Security Assessment & Authorization (RMF/SA&A) activities by assisting with SSP updates, control implementation evidence collection, risk assessments, and POA&M development and maintenance.
• Support FISMA reporting and CDM efforts by validating inputs, maintaining supporting evidence, and tracking submissions and due dates.
• Conduct compliance and risk assessments against applicable frameworks (e.g., NIST) and Agency policies; document findings, recommendations, and required corrective actions.
• Develop and maintain compliance tracking artifacts (e.g., risk registers, control compliance matrices, and corrective action trackers) with clear owners, milestones, and closure evidence.
• Draft, update, and maintain cyber policy and regulatory documentation (policies, procedures, and SOPs) and ensure updates are communicated and incorporated into operational practice.
• Coordinate with stakeholders on configuration management and change control documentation needs to ensure changes remain traceable and auditable.
• Support ongoing compliance oversight by monitoring adherence to administrative controls and required processes; identify gaps and recommend improvements.
• Prepare compliance status summaries and risk briefings for leadership and stakeholders, including progress on remediation and audit observations.

• Bachelor's degree in Information Assurance, Risk Management, or related field.
• 5+ years of experience in IT compliance and risk assessments.
• Familiarity with OMB A-123, GAO Green Book, and NIST frameworks.
• Strong analytical skills with the ability to translate requirements into actionable control evidence, remediation plans, and stakeholder‑ready reporting.
• Strong written and verbal communication skills, including experience producing audit‑ready documentation.

• Experience supporting RMF/ATO package development or sustainment in a federal environment.
• Experience supporting independent assessments/audits (e.g., OIG/GAO) and managing evidence requests and responses.
• Familiarity with POA&M management, corrective action tracking, and risk acceptance/exception processes.
• Experience supporting continuous monitoring, vulnerability management reporting, and security metrics development.
• Experience working with configuration management/change control processes and documentation repositories.

• While performing the duties of this job, the employee is regularly required to talk or hear.
• Possess the ability to fulfill any and all office activities normally expected in an office setting, to include, but not limited to: remaining seated for periods of time to perform computer entry, participating in filing activity, lifting and carrying office supplies.
• The employee must occasionally lift and/or move up to fifteen (15) pounds.
• May require more than 40 hours per week to perform the essential duties of the position.
• Fine hand manipulation (keyboarding).

• May work prolonged or irregular hours.
• Frequent local travel; occasional statewide or out‑of‑state travel.
• The noise level in the work environment is usually moderate.
• Exposure to general office conditions while conducting office duties.

Edgewater Federal Solutions is an Equal Opportunity Employer. It has been and continues to be our policy to provide equal employment to all employees and applicants for employment without regard to race, color, religion, gender, national origin, age, disability, marital status, veteran status and/or other status protected by applicable law.