About The Position

The Governance Risk and Compliance (GRC) Analyst 3 at C2 Labs is responsible for implementing regulatory frameworks such as FISMA, FedRAMP, and StateRAMP. This role involves developing security authorization package documentation and ensuring compliance with quality standards. The analyst will work closely with a team of security professionals to create and maintain essential security documentation and provide guidance on compliance requirements.

Requirements

  • 3-5 years of experience in IT consulting specializing in Governance, Risk, and Compliance using the RMF.
  • CISSP, CISM, or CAP certification preferred.
  • Excellent communication and interpersonal skills.
  • Knowledge of cybersecurity regulatory frameworks including NIST RMF, FedRAMP, and StateRAMP.
  • In-depth understanding of the FedRAMP authorization process and associated documentation.
  • Experience in creating security authorization package documentation (SSP, SAP, SAR, POA&M).
  • Working knowledge of NIST SP 800-53 and FedRAMP Security Controls Baselines.
  • Strong technical writing skills.
  • Ability to work independently under general direction.
  • Expertise in reviewing and documenting secure implementation of various controls.

Nice To Haves

  • Experience with continuous monitoring deliverables for FedRAMP PMO submission.

Responsibilities

  • Categorize systems according to FIPS 199 and NIST SP 800-60.
  • Select and tailor security controls based on NIST SP 800-53 and FedRAMP guidance.
  • Document implementation characteristics for security controls for independent assessment.
  • Develop, review, and update security authorization package documentation including SSP, SAP, SAR, and POA&M.
  • Create and maintain supporting documentation such as CP, IRP, and CMP.
  • Conduct Security Impact Assessments (SIAs) for changes to information systems.
  • Outline the Control Implementation Summary (CIS)/Customer Responsibility Matrix (CRM) for CSP and customer responsibilities.
  • Develop and update policies and procedures for implementing the NIST 800-53 control families.
  • Utilize GRC tools to automate SSP creation.
  • Review and recommend improvements for security assessment and authorization processes.
  • Develop Risk Assessment Reports (RAR).
  • Provide guidance on NIST 800-53, FedRAMP, and StateRAMP control requirements.
  • Deliver training to stakeholders on RMF tasks and activities.

Benefits

  • Contract position with a two-year duration.


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Professional, Scientific, and Technical Services

Education Level

No Education Listed

© 2024 Teal Labs, Inc