Cyber GRC Analyst

Job ID: 2511620

Location: REMOTE WORK, TX, US

Date Posted: 2025-11-17

Category: Cyber

Subcategory: Cyber GRC

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: None

Clearance Level Must Be Able to Obtain: None

Potential for Remote Work: Yes

Description

SAIC is seeking a remote Senior Cyber GRC Analyst to join our team providing Security Operations Services for a major state & local government customer located in Texas. It is a program requirement that no program work be performed outside of the United States. This position reports to our Technical Director and is a member of the team providing security planning, management and oversight for data center and cloud services. Working with fellow team members, the Senior Cyber GRC Analyst will be primarily responsible for activities associated with cyber vulnerability management, cyber risk management, threat intelligence, establishment of standards and policy, and supporting related tasks and recurring deliverables.

Primary job responsibilities include:

• Using the NIST Risk Management Framework (RMF) and other standards-based guidance, perform risk analysis including identification, recommendation of mitigations, and tracking of risks throughout their lifecycle
• Perform threat modeling and assessment
• Analyze and assess vulnerability data from scanning tools, cyber intelligence or other resources to determine validity, severity and impact to SAIC customers
• Coordinate audit activities by internal and external parties including SOC II Type 2 audits (external)
• Using NIST SP800-53R4 and other references, design and coordinate the implementation of cyber security controls with technical teams
• Coordinate and oversee the development of system security plans and compliance with standards and policies
• Interact with peer supplier organizations in the assessment of risk for their systems and technologies, and coordinate risk management and response activities
• Maintain POAMs and supervise the completion of assign tasks and activities by others
• Perform baseline assessments of cybersecurity compliance against documented standards and requirements
• Help to ensure that SAIC and in scope systems are patched according to approved schedule and requirements
• Provide input and assessment of new risks and recommend actions
• Coordinate annual cybersecurity assessment across multiple vendors and service providers; produce consolidated assessment report
• Provide reports, communication and engagement with stakeholders and management
• Provide senior management and executive briefings, summaries and reports on activities, assessments and cyber security posture
• Coordinate business continuity and disaster recovery activities
• Lead maintenance of policy, procedures, and related job aid documentation

Qualifications

Required Education & Experience:

• Bachelor's Degree in related discipline and five (5) years related experience; OR, Master's Degree and three (3) years of experience in a related discipline (e.g. Information Security)
• 3-5 years of experience with cyber risk management including the NIST RMF and SP800-53R4
• 3-5 years of experience with cyber vulnerability and/or risk management
• 3-5 years of experience providing and coordinating cyber security assessments and audits
• Cybersecurity certification (CISSP or CRISC preferred; alternatives include CompTIA Security+, CEH, CISA, CISM, GSLC)
• Experience with the development and documentation of cybersecurity policies and standards
• Cyber security in data center and cloud environments
• Ability to create reports and visualizations to support Risk & Compliance activities
• Excellent oral and written communication skills

Preferred:

• Experience with Vulnerability Management & Compliance scanning tools such as Tenable or Qualys.
• Experience with ITIL, ITIL certification
• Experience with ITSM/Reporting tools such as ServiceNow

Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.