Junior GRC Analyst
Hybrid | Washington D.C. | 1 Day a Week Onsite
US Citizenship Requred
Summary
Our client is an employee and Service-Disabled, Veteran-owned Small Business focused on providing niche technical services. They are a team of experienced cybersecurity professionals with a track record of success in the Federal, Commercial, and Academic workspaces. Additionally, our client designs, builds, operates, and secures scalable cloud and IT infrastructures to meet their customers’ near-term needs and fulfill their long-term requirements.
Responsibilities
Our client is seeking a Junior GRC Analyst to work alongside existing analysts in support of their client's Vendor Risk Management program. The successful candidate will assist with performing vendor risk assessments, developing policies, and ensuring compliance with NIST standards and federal mandates. This is a great opportunity for individuals with a broad understanding of third-party risk management and experience with security and privacy assessments.
- Perform vendor risk management security and privacy assessments aligned with NIST standards, such as NIST 800-53 Rev. 5
- Assist in the creation and maintenance of third-party risk policies and procedures
- Conduct evaluations of vendor security and privacy practices, ensuring adherence to federal regulations, including FedRAMP and Executive Order 14028: Improving the Nation's Cybersecurity
- Provide policy support for vendor risk management, including writing and updating policies and procedures
- Facilitate end-to-end processes associated with vendor product compliance, supporting long-term planning and process improvements
- Maintain and manage the vendor risk inventory, recommending and implementing process enhancements
- Collaborate with internal teams to support third-party risk activities, including cloud compliance processes and vendor tiering
Requirements
- 1-3+ years of relatable experience is required for this position
- Broad understanding of third-party risk management, contract management, and procurement processes
- Experience conducting security and privacy assessments in alignment with NIST standards, such as NIST 800-53 Rev. 5
- Experience creating and maintaining third-party risk policies and procedures
- Strong analytical skills with the ability to assess vendor risk and develop actionable recommendations
- Excellent written and verbal communication skills for policy development and collaboration with cross-functional teams
Preferred Requirements
- Familiarity with assessing and evaluating cloud products; experience with FedRAMP compliance activities is highly desired
Education/Certification Requirements
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Please be aware that onboarding can take 4-6 weeks for this position.
--------------
About Us
Northern Virginia-based Precision Solutions is an expert in staffing solutions for companies of any size that open the door to new opportunities and seek outstanding talent. We pride ourselves on being versatile enough to tailor our relationships to the needs of each individual client, being agile in the fast-paced marketplace, and being precise in meeting the needs of any company.
Equal Opportunity Employer Statement
Precision Solutions is an equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.