Cloud Assessment Analyst III

The Cloud Assessment Analyst III supports DoD and FedRAMP cybersecurity oversight for Cloud Service Offerings by performing Continuous Monitoring, Annual Assessments, and risk evaluations to ensure compliance with RMF and NIST 800-53 requirements. The role works closely with Cloud Service Providers and Authorizing Officials to review security controls, POA&Ms, vulnerability data, deviation and change requests, and to produce risk summaries, reports, and briefings using eMASS and other GRC tools in a mission-critical, regulated environment.

Chickasaw Nation Industries, Inc. serves as a holding company with multiple subsidiaries engaged in several lines of business (Technology, Infrastructure & Engineering, Health, Manufacturing, Public Safety, Consulting, and Transportation) for the federal government and commercial enterprises. A portion of our profits is used to support Chickasaw citizens. We are proud to support the economic development and long-term viability of the Chickasaw Nation and its people. CNI offers premium benefits for which full-time employees are eligible on the first day of hire: Medical, Dental, and Vision coverage, Company Life Insurance, Short-Term and Long-Term Disability Insurance, 401(K) Immediate Vesting, Professional Development Assistance, Legal Aid Assistance Program, Family Planning / Fertility Assistance, Personal Time Off, and Observance of Federal Holidays.

As a federal contractor, CNI is a drug-free workplace and adheres to the Federal Controlled Substance Act.

ESSENTIAL REQUIREMENTS

  • Have an active DoD Top Secret clearance with SCI eligibility

  • DoD 8570 IAM/IA Technical (IAT) Level III certification

  • Strong knowledge and hands-on experience with FedRAMP, NIST SP 800-53, DoD RMF, and related cybersecurity frameworks

  • Proven experience working with Cloud Service Providers (CSPs) in a government or regulated environment

  • Expertise in evaluating security control implementations, conducting Annual Assessments, reviewing POA&Ms, deviation requests, and other artifacts related to risk posture

  • Demonstrated experience using eMASS, and familiarity with other GRC tools used by DoD or federal agencies

  • Solid understanding of vulnerability scanning tools, SIEM platforms, and security monitoring tools

  • Strong analytical skills with the ability to interpret technical data and identify risks and mitigation strategies

  • Excellent verbal and written communication skills to produce technical reports, risk summaries, and briefings for stakeholders including Authorizing Officials (AOs)

  • Experience developing or maintaining Continuous Monitoring (ConMon) plans, reports, and dashboards

  • Ability to work independently and collaboratively in a fast-paced, mission-critical environment

KEY DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities include the following. Other duties may be assigned.

  • Conducts thorough reviews and analyses of Deviation Requests including validations or justifications for security findings.

  • Evaluates and develops Monthly One Pagers that summarize the cybersecurity posture of Cloud Service Offerings (CSOs)

  • Performs Annual Assessments to validate the implementation of mandatory security controls across the CSO baseline and assess one-third of the remaining controls annually.

  • Prepares and reviews weekly Playbooks to report on the Continuous Monitoring (ConMon) status of designated CSOs.

  • Reviews and assesses Security Change Requests (SCRs) that propose new requirements or capabilities for CSOs.

  • Analyzes scan data, Plans of Action and Milestones (POA&Ms), and other change artifacts to assess ongoing risk posture changes of Cloud Service Providers (CSPs).

  • Ensures the DoD and FedRAMP monitoring programs enable effective oversight of CSPs by providing risk-based data to inform Authorizing Officials (AOs).

  • Performs ongoing assessments and validations to confirm that security controls are implemented and compliant with DoD and FedRAMP standards.

  • Ensures effective operation of system safeguards and controls through a proactive, risk-based monitoring approach.

  • Maintains continuous visibility into CSP applications and devices to support data-driven decision-making and adherence to authorized risk thresholds.

  • Supports risk-based situational awareness for network security by conducting architectural reviews that expedite mitigation efforts.

  • Integrates security and risk management processes to identify actionable items driven by threat and vulnerability assessments.

  • Validates that CSPs regularly perform vulnerability scans as mandated by DoD and FedRAMP security control requirements.

  • Recommends and oversees the submission and review of POA&Ms, vulnerability scans, Playbooks, Change Requests, Deviation Reports, and Monthly One Pagers.

  • Contributes to a leverage model that reduces government costs, time, and resources associated with ConMon for cloud systems.

  • Conducts Annual Assessments in accordance with FedRAMP and DoD requirements.

  • Provides comprehensive ConMon compliance assessments and risk analyses for each assigned CSO including input for annual reviews, extension and change requests, Binding Operational Directives (BODs), and Emergency Directives (EDs) supported by documentation, recommendations, reports, and briefings.

  • Uploads all documentation or changes in control status related to ConMon activities into eMASS or a government-designated Governance, Risk, and Compliance (GRC) system.

  • Documents ConMon standards and frameworks.

  • Utilizes government-specified cybersecurity tools to support cyber compliance monitoring and maintenance.

EDUCATION/EXPERIENCE REQUIRED

Bachelor's degree (IT-related field preferred) and eight (8) years of overall experience in a cybersecurity or network security position, with at least 5 years in cloud security assessment or continuous monitoring roles.

PHYSICAL DEMANDS

Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers, printers, and light traffic.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job.

EOE including Disability/Vet

The estimated pay range for this role is $96K to $110K, with the final offer contingent on location, skillset, and experience.

CNI offers a comprehensive benefits package that includes:

  • Medical
  • Dental
  • Vision
  • 401(k)
  • Family Planning/Fertility Assistance
  • STD/LTD/Basic Life/AD&D
  • Legal-Aid Program
  • Employee Assistance Program (EAP)
  • Paid Time Off (PTO) – (11) Federal Holidays
  • Training and Development Opportunities

Your application submission will be considered for all potential employment opportunities with Chickasaw Nation Industries (CNI).
