Security Governance, Risk & Compliance Analyst

  • McLean, VA
  • Posted 11 hours ago | Updated 11 hours ago

Overview

On Site
Full Time

Skills

Information Security Governance
Estimating
System Security
Security Analysis
Security Controls
NIST SP 800 Series
STIG
Risk Management
Reporting
Continuous Monitoring
Auditing
Information Technology
Computer Science
Authorization
Cyber Security
Nessus
SAP GRC
XACTA
Event Management
SIEM
Communication
Organizational Skills
Attention To Detail
Documentation
Regulatory Compliance
eMASS
Risk Management Framework
RMF
Artificial Intelligence
Cloud Security
DoD
Cloud Computing
FISMA
FedRAMP
Scripting Language
Python
Windows PowerShell
Life Insurance
Management
Training And Development
SAP BASIS
Law
IT Service Management
Innovation
Collaboration
Recruiting
Insurance
Finance
Professional Development
Training
Leadership
CompTIA
Customer Service
Career Counseling
Apex
Oracle Application Express

Job Details

Job#: 2088898

Job Description:

Security Governance, Risk, and Compliance Analyst

Apex Systems is hiring for a Security Governance, Risk, and Compliance Analyst with a large government IT-integrative company in McLean, VA!

If interested in applying, please apply directly or email a copy of your updated resume to Melissa at (please reference Job ID: 2088898 in your email)

Location: Remote-Hybrid, 3 days/week on-site in McLean, VA

Schedule: M-F, Core Business Hours

Contract Duration: The client estimates the contract will run through March 2026, with the possibility of extension.

We are seeking a highly motivated and experienced Cybersecurity Specialist or Authorization Program Lead to support our Department of Defense (DOD) and other government agency clients in their effort to achieve ATO. The ideal candidate will have a strong background in the full lifecycle of the Risk Management Framework (RMF) and a deep understanding of the DOD Agency Authorization to Operate (ATO) process. This role will involve working with various stakeholders to ensure that systems and applications meet security requirements and are authorized for operation.

Key Responsibilities:
  • RMF and ATO Management: Lead and support the full lifecycle of the Risk Management Framework (RMF) process, from system categorization to continuous monitoring. Manage and track all activities required to achieve an Agency Authorization to Operate (ATO) across multiple concurrent ATOs. Establish a repeatable and scalable process to be used for all DOD and Agency ATOs.
  • Documentation and Artifacts: Develop, review, and maintain all required security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Actions and Milestones (POA&Ms), and Consequence of Operations (CONOPS) plans.
  • Security Control Assessments: Conduct comprehensive security control assessments and evaluations to ensure compliance with DOD and government security policies, including NIST SP 800-53, DISA STIGs, and other relevant directives.
  • Collaboration: Work closely with system owners, developers, ISSOs, and other stakeholders to identify, document, and mitigate security vulnerabilities and risks.
  • Vulnerability and Risk Management: Develop and manage Plan of Actions and Milestones (POA&Ms) to track and remediate identified vulnerabilities. Provide expert guidance on risk mitigation strategies.
  • Policy and Compliance: Interpret and apply federal and DOD cybersecurity policies and regulations, providing guidance to project teams to ensure compliance.
  • Reporting and Briefings: Prepare and present status updates, reports, and security briefings to management and government clients.
  • Continuous Monitoring: Support the continuous monitoring program by conducting regular security reviews, vulnerability scans, and audits to maintain the security posture of authorized systems.

Required Qualifications:
  • Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent experience may be considered in lieu of a degree.
  • Experience: 7+ years of experience in a cybersecurity role, specifically supporting DOD or other federal government Authorization to Operate (ATO) efforts.
  • RMF Expertise: In-depth knowledge of the NIST Risk Management Framework (RMF) and its application in the DOD environment.
  • Technical Knowledge: Familiarity with cybersecurity tools and technologies, including vulnerability scanners (e.g., ACAS/Nessus), GRC platforms (e.g., eMASS, Xacta), and security information and event management (SIEM) systems.
  • Communication: Excellent written and verbal communication skills, with the ability to effectively communicate complex technical information to both technical and non-technical audiences.
  • Attention to Detail: Strong organizational skills and meticulous attention to detail are crucial for managing complex documentation and compliance requirements.

Preferred Qualifications:
  • Experience with specific DOD systems and processes (e.g., eMASS, RMF Knowledge Service, etc.).
  • Experience with AI tools to streamline the ATO process.
  • Experience with cloud security and supporting ATOs for cloud-based systems (e.g., FedRAMP, DOD Cloud SRG).
  • Knowledge of specific government agency policies (e.g., FISMA, FedRAMP).
  • Experience with a scripting language (e.g., Python, PowerShell) for automation tasks.


*Please note that as a contract employee of Apex Systems, benefits include the below with employee contribution*
  • Health
  • Dental
  • Vision
  • Life Insurance; Short Term Disability
  • Hospitalization Coverage
  • Direct Deposit
  • Weekly Pay Periods
  • Training and Development Programs
  • 401k
  • Referral Program


EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers an HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.