Jr Security Specialist
About The Position
The Entry-Level Cybersecurity Governance, Risk, and Compliance (GRC) Assessor supports cybersecurity compliance and risk management activities within a federal healthcare environment. This role assists in evaluating security controls, conducting risk assessments, and ensuring compliance with federal regulations such as FISMA, HIPAA, and NIST standards. Supports a large, distributed federal healthcare environment with high-impact systems and sensitive data. Must be able to work in a team-oriented, compliance-driven environment. Expected to adapt to evolving cybersecurity threats and compliance requirements.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
- Basic understanding of: Cybersecurity principles (CIA triad), Risk management concepts, Security controls and compliance frameworks
- Familiarity with at least one of the following: NIST 800-53 / RMF, FISMA or HIPAA requirements
- Strong analytical, documentation, and communication skills
Nice To Haves
- Internship or academic experience in cybersecurity, compliance, or auditing
- Exposure to tools such as GRC platforms (e.g., Archer) or vulnerability scanners
- Entry-level certifications: Security+ cGRC (formerly CAP), CySA+
Responsibilities
- Assist in conducting security control assessments using NIST SP 800-53A methodologies
- Support development of Security Assessment Plans (SAPs) and Rules of Engagement (ROE)
- Help review System Security Plans (SSPs) and validate implemented controls
- Document findings for Security Assessment Reports (SARs)
- Support risk assessments aligned with NIST SP 800-30
- Identify vulnerabilities, control deficiencies, and potential impacts to systems
- Assist in developing and updating Plans of Action and Milestones (POA&Ms)
- Participate in briefings on risk posture and remediation recommendations
- Assist in implementing the Risk Management Framework (RMF) lifecycle (Steps 1–6)
- Support compliance efforts for: FISMA, HIPAA Security Rule, HITECH, OMB and HHS directives
- Help map regulatory requirements to NIST 800-53 controls
- Help coordinate assessment schedules, logistics, and stakeholder communications
- Assist in preparing briefing materials for System Owners (SOs) and ISSOs
- Participate in assessment walkthroughs and documentation reviews
- Assist in ongoing security control monitoring aligned with NIST SP 800-137
- Help track assessment metrics, findings, and remediation status
- Contribute to monthly and periodic compliance reporting
- Draft and maintain cybersecurity documentation including: SARs, SAPs, and risk assessment reports, SOPs and compliance tracking artifacts
- Ensure documentation meets federal and organizational standards for quality and accuracy
- Work with senior assessors, ISSOs, and system owners to support compliance activities
- Participate in training on RMF, control assessments, and federal security requirements
- Assist in educating stakeholders on assessment processes and expectations
Benefits
- A variety of additional benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
