Cyber Security Analyst II (Governance, Risk and Compliance)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field.
• At least 2+ years of experience in cybersecurity, compliance, or risk management supporting federal or other regulated systems.
• Ability to pass a background and drug screening.
• Must have identification compliant with the Real ID Act at time of hire.
• Must be able to obtain Department of Energy access badge.

Nice To Haves

• Proficiency in GRC tools (e.g., RegScale, ServiceNow GRC, Archer, eMASS, or similar).
• Relevant certifications such as Security+, CAP/CGRC, or CIPP/US.

Responsibilities

• Support the development and maintenance of System Security Plans (SSPs), Risk Assessments, Security Assessment Reports (SARs), policies, procedures, and other security documentation.
• Conduct or assist with security control assessments, evidence collection, and gap analysis activities.
• Participate in risk identification, evaluation, and mitigation tracking, ensuring appropriate documentation and accountability.
• Support POA&M and issue management, maintaining traceability between findings and corrective actions.
• Contribute to privacy reviews and ensure the protection of PII and other sensitive data in accordance with NIST privacy guidance.
• Assist in cloud compliance reviews, evaluating FedRAMP inheritance and shared control responsibilities.
• Update and maintain compliance records in GRC tools (e.g., RegScale, ServiceNow GRC, Archer, or similar).
• Support Continuous Monitoring (ConMon) activities, reporting control effectiveness and risk posture to stakeholders.
• Perform other duties as appropriate and as assigned.

Benefits

• Paid holidays
• Paid time off
• 401k with employer match
• Dental insurance
• Vision insurance
• Health insurance plans through the Federal Employee Health Benefits (FEHB) program
• Life and disability benefits