×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Senior Cybersecurity Risk Analyst US-Remote

Remote / Online - Candidates ideally in
Arlington, Arlington County, Virginia, 22201, USA
Listing for: American Institutes for Research
Remote/Work from Home position
Listed on 2026-02-28
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below
Position: Senior Cybersecurity Risk Analyst New US-Remote

Join AIR as a Senior Cybersecurity Risk Analyst
. This is a key role within AIR’s Information Security Office, responsible for coordinating and driving institution‑wide security initiatives. The Senior Cybersecurity Risk Analyst will apply technical expertise across advanced security testing, continuous threat exposure management, and red‑team initiatives while leading risk and assurance activities, internal assessments, continuous monitoring, and client security questionnaire responses.

This position will support data governance efforts, including information security plan reviews. If you are ready to make a significant impact and excel in a fast‑paced environment, this role is for you. The position requires broad expertise across application security testing, risk identification and treatment, and security assessment and authorization activities. This position reports to Director, Head of Information Security.

This remote position offers hybrid work flexibility to work from one of AIR’s U.S. office locations with occasional travel required for meetings, training sessions, and conferences.

About AIR:

Founded in 1946 and headquartered in Arlington, Virginia, the American Institutes for Research (AIR) is a nonpartisan, not‑for‑profit organization that conducts behavioral and social science research and delivers technical assistance to address some of the most pressing challenges in the United States and globally. We generate evidence and apply data‑driven solutions that expand opportunities and improve lives for all.

Responsibilities:
  • Drive and perform vulnerability management activities, including scanning, analyzing, reporting, and tracking network, container, application, and static code findings in collaboration with cross‑functional teams.
  • Execute application security testing and findings analysis, including DAST, SAST, continuous threat exposure management activities, and targeted red teaming engagements.
  • Lead cyber risk management efforts by identifying risks, developing and reporting treatment plans, and maintaining the enterprise risk registry.
  • Oversee and drive the remediation of findings utilizing standard Plan of Action and Milestones (POA&M) processes resulting from both internal and external security controls assessment, vulnerability assessments, and security testing.
  • Execute and contribute to internal controls assessments for AIR web applications, secure data enclaves, general support systems, and other key systems to support internal and external client security requirements.
  • Respond to client data security and privacy questionnaires with accuracy and subject‑matter expertise.
  • Perform and drive continuous monitoring activities to ensure ongoing compliance with internal policies and external regulatory requirements.
  • Support data governance by conducting information security plan reviews and contract reviews.
  • Serve as AIR’s HIPAA Security Officer, ensuring compliance with HIPAA Security Rule requirements.
  • Support third party risk management activities, including evaluating new software and artificial intelligence (AI) use cases.
  • Duties, responsibilities, and activities may change, or new ones may be assigned at any time based on business needs.
Qualifications:

Education, Knowledge, and Experience

  • Bachelor’s degree and at least 9 years of relevant experience in information security.
  • A major cybersecurity certification from ISC2, ISACA, Off Sec, or SANS.
  • A minimum of 5 years of hands‑on experience with vulnerability management and security testing tools, including DAST, SAST, and SCA.
  • At least 5 years of experience securing and testing cloud environments such as Azure, AWS, or Google Cloud.
  • A track record of 2+ years of experience conducting cyber risk and assurance activities, including applying relevant security frameworks.
  • Strong understanding of key standards, including NIST SP 800‑53, 800‑171, and 800‑88.
  • The candidate should be able to obtain a Level 6C Security clearance (Public Trust Position).

Skills

  • Exceptional communicator with the ability to translate complex technical concepts for diverse audiences and a strong team‑oriented mindset, consistently fostering effective collaboration across…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search