Cybersecurity Innovation & Risk Analyst

About Us:
At RELI Group, our work is grounded in purpose. We partner with government agencies to solve complex challenges, improve public health, strengthen national security, and make government services more effective and efficient. Our team of over 500 professionals brings deep expertise and a shared commitment to delivering meaningful outcomes. Behind every solution is a group of experts who care deeply about impact—whether we’re supporting data-driven decisions, modernizing systems or safeguarding critical programs.

Position Summary:

The Cybersecurity Innovation & Risk Analyst will provide independent, objective advice, guidance, and technical support to advance cybersecurity risk management and innovation for the Centers for Medicare & Medicaid Services (CMS), Center for Consumer Information & Insurance Oversight (CCIIO). This role is responsible for strengthening Enterprise Risk Management (ERM) Processes, analyzing emerging technologies, and delivering strategic recommendations to improve the security, privacy, and resilience of the Marketplace. The analyst will align business processes to enterprise frameworks and support operational cyber activities.

Responsibilities:

Enterprise Risk Management (ERM) Support

• Assess, improve, and advance CCIIO’s Enterprise Risk Management (ERM) framework to safeguard the confidentiality, integrity, availability, and privacy of mission-critical systems and data
• Align Marketplace business processes with CMS’s ERM framework to ensure risks are managed holistically and in support of Marketplace objectives
• Tailor ERM strategies to meet Marketplace-specific security and privacy requirements while ensuring compliance with CMS, HHS, OMB, and NIST standards

Business Process Alignment & Improvement

• Partner with stakeholders across CMS to integrate ERM principles into business processes supporting the No Surprises Act, Price Transparency, and other mission priorities
• Identify and recommend process improvements leveraging existing tools and methodologies to enhance efficiency and reduce risk

Emerging Technology Research & Innovation

• Conduct research and analysis of emerging technologies (e.g., Artificial Intelligence, encryption, Zero Trust solutions) with a focus on security, privacy, ethical use, and mission impact
• Provide quarterly and ad hoc reports documenting technology implications, opportunities, risks, and solution recommendations
• Support Proof of Concept (POC) activities by supporting analyzing attack surfaces, conducting threat/vulnerability/impact assessments, and recommending integration approaches for new capabilities

Cybersecurity Operational Support

• Support ongoing Marketplace cyber operations including:
• Attack Surface Updates (ASU)
• Cyber Risk Management (CRM)
• Zero Trust (ZT) initiatives
• Collaborate on implementation and evaluation of new and updated security tools and processes
• Examine business, mission, and user practices to recommend strategies for reducing the overall attack surface
• Collaboration & Stakeholder Engagement
• Attack Surface Updates (ASU)
• Cyber Risk Management (CRM)
• Zero Trust (ZT) initiatives
• Collaborate on implementation and evaluation of new and updated security tools and processes
• Examine business, mission, and user practices to recommend strategies for reducing the overall attack surface
• Collaboration & Stakeholder Engagement
• Attack Surface Updates (ASU)
• Cyber Risk Management (CRM)
• Zero Trust (ZT) initiatives
• Collaborate on implementation and evaluation of new and updated security tools and processes
• Examine business, mission, and user practices to recommend strategies for reducing the overall attack surface
• Collaboration & Stakeholder Engagement
• Work with CMS, CCIIO, MSI, and other stakeholders to determine feasibility and enterprise-wide impact of emerging technologies
• Act as a trusted advisor by providing objective, data-driven recommendations to inform security and risk management decision-making

• Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or related field
• 5+ years of experience in cybersecurity, risk management, or IT governance in a federal environment
• Strong knowledge of NIST frameworks (NIST CSF, RMF, NIST SP 800-53), OMB directives, HHS/CMS/CCIIO policies
• Familiarity with CMS ARS, FISMA, and FedRAMP compliance requirements
• Demonstrated experience in enterprise risk management, business process improvement, and emerging technology analysis
• Strong analytical, technical writing, and stakeholder engagement skills

Preferred:

• Master’s degree in Cybersecurity, Risk Management, or related field
• Experience with AI/ML risk assessment, Zero Trust, and encryption technologies
• Certifications such as CISSP, CISM, CISA, or CRISC

Eeo Employer:

RELI Group is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.

Hubzone:

We encourage all candidates who live in a HUBZone to apply.  You can check to see if your address is located in a HUBZone by accessing the SBA HUBZone Map.

The annual salary range for this position is $90,000 to $105,000. Actual compensation will depend on a range of factors, including but not limited to the individual’s skills, experience, qualifications, certifications, location, other business and organizational needs, and applicable employment laws. The estimate displayed represents the typical salary range for this position and is just one component of the total compensation package for employees. RELI Group provides a variety of additional benefits to its employees. For additional details on the benefits that RELI Group offers click here