Precision Solutions

Senior GRC Analyst

Category: Information Technology
Location: US-DC-
Clearance Requirements: None - No Federal Clearance Required
Commute Requirements: Hybrid
ID: 2024-4620

Overview

Senior GRC Analyst

Hybrid | Washington D.C. | 1 Day a Week Onsite

US Citizenship Required

Summary

Our client is an employee and Service-Disabled, Veteran-owned Small Business focused on providing niche technical services. They are a team of experienced cybersecurity professionals with a track record of success in the Federal, Commercial, and Academic workspaces. Additionally, our client designs, builds, operates, and secures scalable cloud and IT infrastructures to meet their customers’ near-term needs and fulfill their long-term requirements.

 

Responsibilities

Our client is seeking a Senior Governance, Risk, and Compliance (GRC) Analyst to enhance their GRC program by aligning it with NIST standards and improving risk management processes. The successful candidate will work alongside existing analysts to consolidate risk management practices, improve GRC documentation, and ensure effective communication of compliance measures.

  • Design and implement consolidated risk management processes that adhere to NIST standards
  • Improve existing GRC documentation based on NIST guidance, focusing on continuous monitoring programs and risk evaluation at system and enterprise levels
  • Develop and document control implementation statements for system-specific, hybrid, and common controls
  • Improve documentation for maintaining and communicating a common control catalog in line with the GRC process
  • Work with stakeholders to identify and implement inheritable controls and document inheritance criteria
  • Enhance GRC dashboards and reporting to track program metrics and effectiveness
  • Communicate complex regulatory and compliance information clearly to various stakeholders
  • Support the Board’s GRC program by assisting with the development and refinement of processes and documentation
  • Track and report on metrics related to continuous monitoring, training performance, and the effectiveness of security and privacy programs

Requirements

  • 5-7+ years of related experience is required for this position
  • Deep understanding of relevant laws and regulations, including NIST guidance and OMB memoranda
  • Extensive knowledge of the NIST Risk Management Framework and key publications such as NIST SP 800-37, 800-53 Revision 5, and 800-137
  • Familiarity with the FedRAMP process and documentation, including customer responsibility matrices
  • Experience developing and documenting control implementation statements for system-specific, hybrid, and common controls
  • Experience with GRC tools for collecting and reporting on security and privacy metrics (Xacta 360 and Power BI experience is preferred)
  • Strong communication skills, with the ability to convey complex regulatory and compliance information clearly
  • Experience working with common control catalogs, provider systems, and inheritance models
  • Experience with continuous monitoring metrics and reporting, including tracking training and awareness program performance

Preferred Requirements

  • Experience improving dashboards and reporting for GRC programs
  • Proven ability to develop metrics that measure the effectiveness of security and privacy trainings
  • Strong background in working with risk management processes and compliance documentation

Education/Certification Requirements

  • None

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Please be aware that onboarding can take 4-6 weeks for this position.

--------------

About Us

Northern Virginia-based Precision Solutions is an expert in staffing solutions for companies of any size that open the door to new opportunities and seek outstanding talent. We pride ourselves on being versatile enough to tailor our relationships to the needs of each individual client, being agile in the fast-paced marketplace, and being precise in meeting the needs of any company.

Equal Opportunity Employer Statement

Precision Solutions is an equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
