George Washington University
Cybersecurity Risk Analyst
🇺🇸 Hybrid - Ashburn, VA
🕑 Full-Time
💰 $62K - $97K
💻 Cybersecurity
🗓️ December 15th, 2025
CISM
CISSP
Edtech.com's Summary
George Washington University is hiring a Cybersecurity Risk Analyst. The role involves developing and implementing IT risk management strategies to identify, reduce, or monitor risks, conducting vendor and product risk assessments, supporting cybersecurity awareness programs, and collaborating with stakeholders to mitigate risks and ensure compliance with university policies and regulations.
Highlights
- Develop and deliver IT security awareness and skills programs for faculty, staff, and students.
- Collaborate with institutional stakeholders to identify, manage, and track IT risks.
- Perform third-party, product, and service risk assessments and report findings.
- Support assurance and compliance efforts related to regulated research data and applicable regulations.
- Develop and implement policies, standards, and procedures for university-wide risk mitigation.
- Experience with NIST cybersecurity frameworks (CSF, 800-53, 800-171) and IT security risk governance frameworks.
- Preferred knowledge of GRC tool administration and cloud security measures.
- Bachelor's degree plus 2 years relevant experience, or a Master's degree or higher in a related field.
- Desired certifications include CISSP, CISA, CISM, CRISC, TPCRA, and CASP.
- Hiring salary range: $62,486.82 - $96,666.64.
Cybersecurity Risk Analyst Full Description
Cybersecurity Risk Analyst
Please see Special Instructions for more details.
Employer will not sponsor for employment Visa status
Posting Details
I. JOB OVERVIEW
Job Description Summary: | George Washington University Information Technology (GWIT) is the chief provider of technology services and applications at The George Washington University (GW). GWIT partners with all key stakeholders across GW to equip students, faculty, and staff with the technology and tools necessary to achieve academic and research excellence. This position works within GWIT to assure the security and compliance of systems to assure their confidentiality, integrity, and availability while protecting regulated, non-regulated, and research data.
This position works within GWIT Technology Cybersecurity Risk and Assurance team to develop and implement the GW IT risk management strategy to identify, reduce / remediate, or monitor risks through education, awareness, IT vendor and product risk assessments and risk remediation monitoring across on-premises, managed cloud, and SasS environments. The position works collaboratively with other risk analysts and security engineers to enhance threat and vulnerability management for operational, academic, and research systems and tools. The position will also support assurance and compliance efforts as they relate to regulated research data and other applicable regulations and university polices. The position ensures collaborative outcomes with university stakeholders, external vendors, and partners with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities related to IT risk. This position directly contributes to the overall GW IT cybersecurity risk management program including:
Development and delivery of IT security awareness and skills programs to faculty, staff, and students Collaboration with key institutional stakeholders to identify, manage and where appropriate accept / track IT risk Developing and implementing policies, standards and procedures to ensure university- wide risk mitigation. Performing third party, product, and service risk assessments coordinating information gathering and review, issue and risk identification, assessment outcome reporting, tracking risks and related remediation activities, generating and delivering reports for stakeholders Supporting and coordinating with compliance focused units and programs.
Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.
Minimum Qualifications: | Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 2 years of relevant professional experience, or, a Master’s degree or higher in a relevant area of study. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.
Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:
Preferred Qualifications: | Working understanding and experience with information security risk management and controls, effective communication and well-developed organizational skills. Demonstrated understanding of third-party IT security risk assessments, information security risk governance frameworks (i.e., NIST) and recommended mitigation approaches. Demonstrated knowledge about identifying information security risks and controls associated with IT operational processes, including user awareness and decision maker influence Demonstrated ability to track, monitor, and report on IT risk and control issues Ability to translate technical details and trends into management reports Demonstrated knowledge and/or experience preferred in: GRC tool application administration or a GRC tool user highly desired Public, Private and On-premises Cloud security measures and assessments Experience applying NIST CSF, NIST 800-53, NIST 800-171 controls, particularly in support of security standards and evaluation of vendor practices alignment with control frameworks Strong verbal and written communications skills Ability to work with and collaborate across teams Intellectual agility and interpersonal flexibility
Relevant cybersecurity certifications desired in one or more of the following areas: Third Party Cyber Risk Assessor (TPCRA) Certification Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) Certified Information Systems Manager (CISM) Certified in Risk and Information Systems Control (CRISC) CompTIA Advanced Security Practitioner (CASP)
Hiring Range | $62,486.82 - $96,666.64
GW Staff Approach to Pay | How is pay for new employees determined at GW?
This position works within GWIT Technology Cybersecurity Risk and Assurance team to develop and implement the GW IT risk management strategy to identify, reduce / remediate, or monitor risks through education, awareness, IT vendor and product risk assessments and risk remediation monitoring across on-premises, managed cloud, and SasS environments. The position works collaboratively with other risk analysts and security engineers to enhance threat and vulnerability management for operational, academic, and research systems and tools. The position will also support assurance and compliance efforts as they relate to regulated research data and other applicable regulations and university polices. The position ensures collaborative outcomes with university stakeholders, external vendors, and partners with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities related to IT risk. This position directly contributes to the overall GW IT cybersecurity risk management program including:
Development and delivery of IT security awareness and skills programs to faculty, staff, and students Collaboration with key institutional stakeholders to identify, manage and where appropriate accept / track IT risk Developing and implementing policies, standards and procedures to ensure university- wide risk mitigation. Performing third party, product, and service risk assessments coordinating information gathering and review, issue and risk identification, assessment outcome reporting, tracking risks and related remediation activities, generating and delivering reports for stakeholders Supporting and coordinating with compliance focused units and programs.
Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.
Minimum Qualifications: | Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 2 years of relevant professional experience, or, a Master’s degree or higher in a relevant area of study. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.
Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:
Preferred Qualifications: | Working understanding and experience with information security risk management and controls, effective communication and well-developed organizational skills. Demonstrated understanding of third-party IT security risk assessments, information security risk governance frameworks (i.e., NIST) and recommended mitigation approaches. Demonstrated knowledge about identifying information security risks and controls associated with IT operational processes, including user awareness and decision maker influence Demonstrated ability to track, monitor, and report on IT risk and control issues Ability to translate technical details and trends into management reports Demonstrated knowledge and/or experience preferred in: GRC tool application administration or a GRC tool user highly desired Public, Private and On-premises Cloud security measures and assessments Experience applying NIST CSF, NIST 800-53, NIST 800-171 controls, particularly in support of security standards and evaluation of vendor practices alignment with control frameworks Strong verbal and written communications skills Ability to work with and collaborate across teams Intellectual agility and interpersonal flexibility
Relevant cybersecurity certifications desired in one or more of the following areas: Third Party Cyber Risk Assessor (TPCRA) Certification Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) Certified Information Systems Manager (CISM) Certified in Risk and Information Systems Control (CRISC) CompTIA Advanced Security Practitioner (CASP)
Hiring Range | $62,486.82 - $96,666.64
GW Staff Approach to Pay | How is pay for new employees determined at GW?
Healthcare Benefits
GW offers a comprehensive benefit package that includes medical, dental, vision, life & disability insurance, time off & leave, retirement savings, tuition, well-being and various voluntary benefits. For program details and eligibility, please visit https://hr.gwu.edu/benefits-programs.
GW offers a comprehensive benefit package that includes medical, dental, vision, life & disability insurance, time off & leave, retirement savings, tuition, well-being and various voluntary benefits. For program details and eligibility, please visit https://hr.gwu.edu/benefits-programs.
II. JOB DETAILS
Campus Location: | Ashburn, Virginia
College/School/Department: | GW IT
Family | Information Technology
Sub-Family | IT Risk and Compliance
Stream | Individual Contributor
Level | Level 2
Full-Time/Part-Time: | Full-Time
Hours Per Week: | 40
Work Schedule: | Monday - Friday 9am-5pm
Will this job require the employee to work on site? | Yes
Employee Onsite Status | Hybrid
Telework: | Yes
Required Background Check: | Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search
Special Instructions to Applicants: | Employer will not sponsor for employment Visa status
Internal Applicants Only? | No
Posting Number: | S013954
Job Open Date: | 12/12/2025
Job Close Date: |
If temporary, grant funded, Sponsored Project funded or limited term appointment, position funded until: |
Background Screening | Successful Completion of a Background Screening will be required as a condition of hire.
EEO Statement: | The university is an Equal Employment Opportunity employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.
College/School/Department: | GW IT
Family | Information Technology
Sub-Family | IT Risk and Compliance
Stream | Individual Contributor
Level | Level 2
Full-Time/Part-Time: | Full-Time
Hours Per Week: | 40
Work Schedule: | Monday - Friday 9am-5pm
Will this job require the employee to work on site? | Yes
Employee Onsite Status | Hybrid
Telework: | Yes
Required Background Check: | Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search
Special Instructions to Applicants: | Employer will not sponsor for employment Visa status
Internal Applicants Only? | No
Posting Number: | S013954
Job Open Date: | 12/12/2025
Job Close Date: |
If temporary, grant funded, Sponsored Project funded or limited term appointment, position funded until: |
Background Screening | Successful Completion of a Background Screening will be required as a condition of hire.
EEO Statement: | The university is an Equal Employment Opportunity employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.
Posting Specific Questions
Required fields are indicated with an asterisk (*).
- * Do you currently work at GW?
- yes
- no
- * For current GW employees, have you completed your Introductory Employment Period (IEP)? (As a reminder, employees in their IEP are not eligible to apply for other internal university staff and research positions until the IEP is complete.)
- Yes, IEP complete
- No, still in IEP
- N/a - not a current GW employee
- * What is your expected salary range?
(Open Ended Question)
Documents needed to Apply
Required Documents
- Resume
- Cover Letter
Optional Documents
Human Resource
Management & Development
Management & Development
2013 H Street, NW, 3rd Floor
Washington, DC 20006
Phone: 202-994-8500
Fax: 202-994-9680
Email: askhrmd@gwu.edu
Recognition_Toolkit
Talent@GWLogic
Washington, DC 20006
Phone: 202-994-8500
Fax: 202-994-9680
Email: askhrmd@gwu.edu
Recognition_Toolkit
Talent@GWLogic
Similar Jobs
Senior Privileged Access Management Engineer
Southern New Hampshire University
🇺🇸 Remote - US
Sr Information Security Analyst
HMH
🇮🇳 Bhurai, Maharashtra
Information Security Analyst I
University of the Pacific
🇺🇸 Stockton, CA
Information Security Engineers
University of Utah
🇺🇸 Hybrid - Salt Lake City, UT
Research Information Security Analyst
University of Kentucky
🇺🇸 Lexington, KY
