Senior GRC Analyst

  • San Francisco, CA
  • Posted 2 days ago | Updated 13 hours ago

Overview

On Site
Depends on Experience
Contract - Independent
Contract - W2
Contract - 12 Month(s)

Skills

zero trust
FISMA
NIST SP 800-53
CUI standards
Information Security Risk
RSAM
SSPs
SARs
POA&Ms
IT teams
auditors
external audits
assessments
FedRAMP
risk management
eMASS
CSAM
GRC
CISSP
CISM
CAP
CRISC
AWS
On Prem
SCAP
STIGs
Policy lifecycle
audit readiness
regulatory alignment
control implementation
Vendor assessments
SIG review
risk tiering
remediation tracking

Job Details

Information Security Analyst II

Location: San Francisco, CA (Onsite Role)

12+ Months

Job Title: Information Security Risk Specialist (FISMA/NIST Compliance)

Job Summary

The Information Security Risk Specialist will conduct comprehensive risk assessments, validate security controls, and ensure compliance with federal regulations, including FISMA, NIST SP 800-53, CUI standards, and agency-specific requirements. This role involves authoring and maintaining Authority to Operate (ATO) documentation, collaborating with stakeholders, and supporting audit activities to ensure systems meet federal security standards.

Key Responsibilities

  • Perform in-depth risk assessments and control validations for Moderate-impact federal systems and third-party services to ensure compliance with FISMA, NIST SP 800-53, and CUI requirements.
  • Develop, update, and maintain ATO documentation packages, including:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Plans of Action & Milestones (POA&Ms)
  • Manage compliance tracking and audit readiness using tools such as RSAM (Risk Management System).
  • Support continuous monitoring activities, including security control assessments and vulnerability remediation.
  • Collaborate with IT teams, auditors, and stakeholders during external audits, assessments, and FISMA reporting.
  • Ensure alignment with agency-specific security controls and recommend mitigations for identified risks.
  • Assist in security policy development and process improvements to enhance compliance posture.

Required Qualifications

  • 3+ years of experience in federal cybersecurity, FISMA compliance, or risk management.
  • Strong knowledge of NIST SP 800-53, FISMA, CUI, and FedRAMP requirements.
  • Experience developing ATO packages (SSPs, SARs, POA&Ms) for federal systems.
  • Familiarity with GRC tools (e.g., RSAM, eMASS, CSAM) and audit processes.
  • Ability to interpret security controls and work with ISSOs, ISSEs, and IT teams.
  • Strong technical writing skills for policy and compliance documentation.
  • Certifications preferred: CISSP, CISM, CAP, CRISC, or equivalent.

Preferred Qualifications

  • Experience with cloud security (AWS/Azure/Google Cloud Platform) in a federal environment.
  • Knowledge of SCAP, STIGs, and continuous monitoring tools.


Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.