GRC Analyst
Location: WASHINGTON, DC, United States(Hybrid)
Description
Client is looking for a GRC Analyst to join our team. This is an exciting opportunity to work with a team responsible for IT Security Risk and Compliance support by providing direct support to the Information System Security and Privacy Officer (ISSPO) in managing and documenting the ongoing security posture of the agency. The Cybersecurity Analyst will support IT management with POA&M management and audit coordination activities. Specifically, this job requires the following:
Support agency IT Governance, Risk and Compliance and Audit Activities.
Gather any control deficiencies identified during control development for POA&M consideration.
Identify and analyze issues resulting from control assessments and audit reports that require remediation activities.
Support Audit finding analysis and collaborate with SMEs to perform research to identify possible solutions.
Work with the ISSPO to identify POA&M needs and organize the POA&M development process.
Collaborate with subject matter experts and Stakeholders to develop milestones.
Review outputs from POA&Ms to assess completeness and make recommendations for additional work needed or POA&M closure.
Support agency IT Governance, Risk and Compliance Activities such as management of standards, approvals, and waivers.
Support the PM by providing information for status reports, status briefings, schedules, project plans, etc., both in written and oral form.
Organize POA&M and Milestone development, IRL review sessions, and status update meetings, and document meeting decisions and actions.
Conduct periodic review of Milestone progress, analyze the pending tasks, and prioritize work with POA&M and Milestone Owners.
Assist with security impact analysis, risk assessments and acceptance process.
Support security artifact revisions in collaboration with SMEs to accurately represent the agency's security posture.
Coordinate and lead cross-team and cross-departmental activities in support of developing accurate and comprehensive responses to audit requests.
Qualifications
EDUCATION & EXPERIENCE:
Undergraduate degree with seven years, or graduate degree with five years, of IT controls or IT security experience in a technical environment with a variety of IT systems.
One or more current security certifications (CISSP, CISM, Security+).
REQUIRED SKILLS:
Experience with National Institute of Standards and Technology (NIST) Risk Management and Cybersecurity Framework.
Experience with FISMA, NIST 800-53, general IT control implementation, assessment, and maintenance process.
Familiarity with Governance, Risk and Compliance (GRC) frameworks and tools, such as RSAM or CSAM, or experience with SA&A tools, such as Xacta.
Good understanding of Office of Management and Budget (OMB) circulars A-123 and A-130, Federal Manager's Financial Integrity Act (FMFIA), FISCAM processes and procedures.
Fluency in both spoken and written English, including the ability to work with highly technical and specialized content. Must be able both to prepare and deliver such content, verbally and in writing, and to comprehend such content from others, in both spoken and written form.
Ability to prepare deliverables of sufficient quality that few or no minor edits are required before conveyance to the client.
Ability to quickly review the work products of others, employ your own knowledge of federal security doctrine, and ensure that timely and accurate feedback and recommended edits are delivered to the author(s). All work products should be ready for delivery to the client after only one review has been performed.
Ability to work in a fast-paced environment.
Outstanding customer service skills.
Ability to document processes as needed.
Proficiency in explaining complex policies and protocols in simple terms.
Ability to stay up to date on information technology trends and security standards.
Ability to demonstrate excellent analytical thinking and problem-solving skills in order to assess potential risks and develop possible solutions.
Candidates for consideration must be eligible to obtain and maintain a Public Trust clearance.
DESIRED SKILLS: A solid understanding of IT security controls, tools, and concepts. A good working understanding of, and technical experience in, IT platforms such as Microsoft, Cisco, and Oracle is also a plus, as is an understanding of SharePoint lists and workflows, which are heavily utilized in this environment.