Governance, Risk, and Compliance (GRC) Specialist - Contingent

About The Position

Requirements

• Minimum 5 years of experience in cybersecurity governance, risk, or compliance (GRC), preferably supporting federal or regulated environments
• Demonstrated experience in project management, network design concepts, and testing the security of government systems to identify vulnerabilities
• Working knowledge of the NIST RMF and how it is used to manage security and privacy risk across categorization, control selection/implementation, assessment, authorization, and continuous monitoring
• Familiarity with the purpose and structure of NIST 800-53 security and privacy controls and how controls map to evidence and system security practices
• Familiarity with security control assessment concepts and the use of assessment procedures (e.g., NIST 800-53A-style approaches)
• Strong technical writing skills and ability to produce clear, defensible documentation for auditors and leadership
• Experience supporting federal authorization packages and security assessment deliverables (e.g., SAP/SAR, evidence collection, audit response)
• Familiarity with FedRAMP concepts for cloud environments (if the client environment includes cloud services)
• Experience briefing technical and non-technical stakeholders and translating control requirements into practical implementation guidance

Nice To Haves

• Bachelor's degree in information systems, Computer Science, or related field
• Preferred Certifications: GIAC Web Application Penetration Tester (GWAPT) Certified Ethical Hacker (CEH) GIAC Systems and Network Auditor (GSNA) Certified Penetration Tester (CPT) Certified Expert Penetration Tester (CEPT) GIAC Certified Web Application Defender (GWEB) Offensive Security Certified Professional (OSCP) CREST Penetration Testing Certifications

Responsibilities

• Support governance and compliance activities aligned to FISMA and agency cybersecurity requirements, including maintaining documentation and reporting support where applicable
• Execute RMF-aligned risk activities across the system lifecycle, including control selection support, implementation validation, and ongoing continuous monitoring
• Maintain and update authorization/compliance artifacts (as required by the environment), such as security plans and supporting evidence, ensuring documentation is accurate and audit-ready
• Assist with security control assessment coordination by preparing artifacts, mapping evidence to controls, tracking assessment activities, and supporting remediation planning (Assessment methods and procedures are commonly aligned to NIST 800-53A practices)
• Develop, manage, and track POA&Ms and remediation actions; collect and validate closure evidence and support risk acceptance processes as needed
• Demonstrate and apply working knowledge of network design concepts and partner with technical teams to validate secure configurations and identify weaknesses
• Support vulnerability management and security testing coordination for government systems to identify and document vulnerabilities, validate severity/impact, and track mitigation to completion
• Support project management activities including work planning, task tracking, stakeholder coordination, meeting facilitation, and status reporting for GRC deliverables
• Contribute to policy/standard development and continuous improvement initiatives for governance and risk processes using NIST-aligned control frameworks

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off
• Family Leave (Maternity, Paternity)
• Short Term & Long-Term Disability
• Training & Development