IT Risk Specialist

Peraton is seeking a IT Risk Specialist to join our team of qualified, diverse individuals and risk identification, assessment, and mitigation strategies in a dynamic IT environment. . The ideal candidate will support the Department of Homeland Security (DHS). The ideal candidate will have a strong background in IT governance, cybersecurity, compliance, and enterprise risk management, ensuring that IT operations align with business objectives while minimizing risks.

Day to Day Responsibilities:

• Risk Assessment & Mitigation: Identify, evaluate, and mitigate IT and cybersecurity risks across infrastructure, applications, and business processes.
• Governance & Compliance: Ensure adherence to industry standards and regulatory frameworks (e.g., NIST, ISO 27001, COBIT, SOC 2, GDPR, HIPAA).
• Security & Threat Management: Collaborate with cybersecurity teams to assess vulnerabilities, manage incident response plans, and enhance threat detection mechanisms.
• Policy & Framework Development: Design and implement IT risk management policies, controls, and frameworks to safeguard digital assets.
• Business Continuity & Disaster Recovery: Oversee IT risk-related aspects of BCP/DR planning and testing.
• Vendor & Third-Party Risk Management: Assess and monitor risks associated with third-party vendors, cloud services, and IT outsourcing partners.
• IT Audit & Compliance Reviews: Support internal and external audits, ensuring IT systems and processes meet compliance requirements.
• Incident & Root Cause Analysis: Lead post-incident reviews, analyze root causes, and implement corrective actions to prevent future occurrences.
• Stakeholder Communication: Work closely with IT leadership, security teams, and business units to ensure risk transparency and alignment with corporate objectives.
• Training & Awareness: Conduct risk awareness training and promote a strong IT risk management culture.

#TSAIMPACT

Basic Qualifications:

• Bachelors degree and 0 years of experience or a High School diploma and 4 years of experience.

• Must be a U.S. Citizen with the ability to obtain a public trust clearance.

• Experience in IT risk management, cybersecurity, or IT governance.
• Strong understanding of IT infrastructure, cloud computing (AWS, Azure), and cybersecurity principles.
• Hands-on experience with risk assessment methodologies (ISO 31000, FAIR, OCTAVE, etc.).
• Knowledge of regulatory compliance frameworks (e.g., NIST 800-53, ISO 27001, PCI DSS, GDPR, HIPAA, SOX).
• Familiarity with security tools and technologies (SIEM, IDS/IPS, vulnerability scanners, firewalls, endpoint protection).
• Experience with GRC (Governance, Risk, and Compliance) tools such as Archer, ServiceNow GRC, or MetricStream.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication and stakeholder management abilities.

Preferred Certifications:

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• ITIL Foundation certification (preferred), must obtain within 30 days of job acceptance