Company: Summit Technologies, Inc.
Address: Washington, DC
Form of work: Full-Time
Category: Information Technology

Job Description

Summit Technologies, Inc. is looking for a Security Governance Risk and Compliance (GRC) Analyst to work with our government client. You will be part of a team responsible for IT Security Risk and Compliance, supporting the Information System Security and Privacy Officer (ISSPO) in managing and documenting the agency's security posture. This is a hybrid role based in Washington, DC. Candidates must be eligible for a Public Trust clearance.

Duties and Responsibilities:

  • Conduct detailed security impact analysis for any change that introduces new (types of) hardware or software, requires modification to a security baseline, requires a new connection to an external entity, or significantly changes a publicly facing application or DMZ infrastructure.
  • Provide appropriate Security Impact information in writing to service/application owners and Change Coordinators.
  • Conduct risk assessments on security issues impacting the general support system and propose necessary resolution(s).
  • Develop and maintain IT security controls related to and offered by the agency to the standards set forth in the NIST Special Publication 800-53. Collect information from subject matter experts to develop and validate control implementation statements.
  • Document and communicate any control deficiencies identified during control development for POA&M consideration.
  • Review outputs from POA&Ms to assess completeness and make recommendations for any further work needed or POA&M closure.
  • Support agency IT Governance, Risk and Compliance Activities such as management of standards, approvals, and waivers.
  • Support Continuous Security Monitoring of infrastructure and functional areas in accordance with defined parameters, for compliance with the Security Policy (SP) and all System Security Plans (SSPs).
  • Provide expertise and assistance in the development of security policies and procedures and ensure compliance.
  • Update the agency system security documentation (SSP, etc.) with approved new or significant changes, including boundary and technical descriptions.
  • Support the PM by providing information for status reports, status briefings, schedules, project plans, etc., both verbally and in written form.
  • Stay up to date on information technology trends and security standards.

Required Skills and Experience:

  • Experience with National Institute of Standards and Technology (NIST) Risk Management and Cybersecurity Framework.
  • Experience with FISMA, NIST 800-53, general IT control implementation, assessment, and maintenance processes.
  • Familiarity with Governance, Risk and Compliance (GRC) frameworks and tools, such as CSAM.
  • Ability to tailor information security processes and tools, based on changing landscapes, doctrine, and risk scenarios.
  • Ability to conduct risk assessments, evaluate and quantify risk, based on NIST guidance.
  • Fluency in both spoken and written English, including the ability to work with highly technical and specialized content. Must be able to prepare and deliver such content, verbally and in writing, and comprehend such content from others.
  • Ability to prepare deliverables of sufficient quality that they require very minor or no edits prior to conveyance to the client.
  • Quickly review the work products of others, employ your own knowledge of federal security doctrine, and ensure that timely and accurate feedback is delivered to the author(s). All work products should be ready for delivery to the client after only one review.
  • Ability to work in a fast-paced environment.
  • Outstanding customer service skills.
  • Ability to document and follow processes.
  • Proficiency explaining complex policies and protocols in simple terms.
  • Excellent analytical thinking and problem-solving skills to assess potential risks and develop possible solutions.

Education:

  • Bachelor's degree and seven years of IT Controls or IT Security experience; or
  • Master's degree and five years of experience.

Certification:

  • One of the following: CISSP, CISM or CompTIA Security+

Security Clearance:

  • Must be eligible for a Public Trust clearance

If you feel you are qualified and want to be considered for this position, please supply the following to te3p9p5ufwkzjuk4ff3j7puk1o@crelate.net, and please put the job number '6623' in the subject line:

  • Updated resume including MM/YYYY for each employer.
  • Best times/dates to interview (plus phone # you can best be contacted at).
  • Availability to start once given formal offers.

Summit Technologies Inc. appreciates your interest. We will contact the best matching prospects and will consider you for future opportunities. We will not submit your resume without your prior knowledge and consent. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability or veteran status.
Refer code: 7563381. Summit Technologies, Inc. - The previous day - 2024-01-02 18:22
