IT Risk Management Analyst / Security Control Analyst

US-CO-Fort Collins


ASRC Federal Vistronix is actively seeking an IT Risk Management Analyst to join our team.  The selected candidate will support a government client in Fort Collins, CO as a key member of a program support team for an enterprise-level software development initiative.


Would you like to be part of a dynamic team of dedicated software professionals?  Are you concerned about protecting our Nation’s natural resources?  We need people who are committed to action.  People who want to apply their education and experience to make sure that all of us enjoy the benefits of productive soil, clean water, clean air, and abundant wildlife that come from a healthy environment.


Natural resource conservation is an effort of Federal and State agencies, universities, and professional societies to deliver science-based information to land owners.  Join us to build the technology to help people understand, preserve and increase the productivity of our natural resources.





This position requires knowledge of effective and efficient management of IT risk and controls, to ensure that regulatory and compliance requirements are met throughout the Software Development Life Cycle (SDLC).  The candidate will be responsible for:

  • Developing and nurturing trusted relationships with the IT Project Managers who are responsible for NRCS applications
  • Performing interviews, walkthroughs and risk assessments for key controls on new and existing applications throughout the SDLC to ensure that IT regulatory requirements are being effectively met (i.e., designed, tested and deployed)
  • Ensuring that existing controls are accurately documented in procedures and Application Security Profiles (ASPs), with current evidence of effective operation
  • Documenting Privacy Impact Assessments (PIAs) for web applications
  • Cultivating respect and trust from Security, Privacy and Compliance team members with regard to compliance strategies and remediation of findings
  • Conducting periodic interim risk assessments with IT Project Managers
  • Understanding the broad regulatory landscape affecting IT Security and Privacy and remaining current with emerging regulatory requirements (e.g., Revision 4 of NIST SP 800-53) as well as the current solution trends in the marketplace



Education and Experience:  

  • Bachelor’s degree (computer science or related)
  • 5+ years of business-related experience
  • 4+ years in Technology Risk, IT Audit, and/or Information Security, including the assessment of applications against regulatory requirements, for new software development projects and existing applications that are in the maintenance phase of their lifecycle
  • Active Certified Information Systems Auditor (CISA) certification desired; CIPP/G certification also desired


Required Skills and Competencies:

  • Strong communication, interpersonal and organizational skills, including the ability to write in clear, concise language
  • Ability to multi-task, work both independently and as part of a team in a dynamic, fast-paced work environment
  • Familiarity with government systems and operations – prior government work experience (contractor or federal) preferred
  • Proficiency with MS Office Suite, including Word, Excel and PowerPoint
  • Experience using MS Project and Visio


Desired Skills:

  • Understanding of application of security controls as defined in NIST SP 800-53
  • Understanding of privacy requirements (i.e., the Privacy Act of 1974)
  • Able to apply sound judgment, pragmatic thinking and tact in complex projects
  • Experience with enterprise-level IT Risk Management and/or IT Audit functions
  • Excellent communicator with strong client relationship focus when working with IT Project Managers, enterprise architects, and information security engineers to articulate options to mitigate risk
  • Active Project Management Professional (CAPM or PMP) certification preferred


The successful candidate is subject to a background investigation by the government and must be able to meet the requirements to hold a position of Public Trust.

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.





