Senior GRC Specialist

Aquia
$125,000 - $150,000Remote

About The Position

Aquia is seeking a Senior GRC Specialist to own governance, risk, and compliance activities across federal IT and cybersecurity programs. This role requires managing FISMA compliance and RMF-driven authorization programs, with a focus on service delivery metrics, SLA performance, and audit readiness. The position is for a senior individual contributor comfortable with drafting POA&M responses, engaging with auditors, and producing operational reporting for leadership. Key responsibilities include managing the POA&M lifecycle, supporting FISMA compliance, applying NIST SP 800-53 and NIST SP 800-37 (RMF), managing and reporting on SLAs and availability metrics, developing operational reporting for stakeholders, leading audit readiness activities, identifying control gaps and recommending mitigations, and supporting continuous monitoring programs for ongoing ATO/cATO sustainment.

Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, or a related field, with 6+ years of relevant experience; equivalent combination of education and demonstrated experience considered
  • Active Top Secret (TS) clearance required: candidates without an active TS clearance will not be considered; sponsorship is not available for this role
  • U.S. citizenship required, must be located in the US.
  • Demonstrated experience supporting FISMA compliance programs in federal environments
  • Working knowledge of NIST SP 800-53 (control families, implementation, and assessment)
  • Working knowledge of NIST SP 800-37 (Risk Management Framework) and the ATO/authorization process
  • Hands-on experience managing POA&M lifecycle: tracking, remediation coordination, evidence validation, and closure
  • Experience preparing for and supporting federal audits and security assessments, including evidence packaging, stakeholder coordination, and finding response
  • Experience managing SLAs and availability metrics in IT service delivery or cybersecurity operations environments
  • Ability to develop and maintain operational reporting that communicates performance and risk posture to technical and executive audiences
  • Experience producing clear, accurate reporting on cybersecurity operations, compliance status, and service health for government and internal stakeholders

Nice To Haves

  • Experience with eMASS or similar GRC/authorization tracking platforms
  • Familiarity with continuous monitoring (ConMon) program management and reporting
  • Experience working alongside ISSOs, ISSMs, and Authorizing Officials in the RMF process
  • Knowledge of FedRAMP, DoD CC SRG, or agency-specific overlays (e.g., HHS, DoD, DHS)
  • Experience with ITSM platforms (ServiceNow, Jira) for tracking findings and operational workflows
  • Relevant certifications: CISSP, CISM, CAP/CGRC, Security+, or equivalent

Responsibilities

  • Own and manage POA&M lifecycle activities: tracking findings, coordinating remediation, validating closure, and maintaining accurate, audit-ready documentation
  • Support FISMA compliance programs, including evidence collection, continuous monitoring, and coordination with system owners and ISSOs/ISSMs
  • Apply NIST SP 800-53 and NIST SP 800-37 (RMF) to assess control implementation, support authorization activities, and maintain system security postures
  • Manage and report on SLAs and availability metrics for IT and cybersecurity operations; surface trends, flag risks, and drive accountability against commitments
  • Develop and maintain operational reporting for internal leadership and government stakeholders — translating compliance and operational data into clear, actionable insight
  • Lead audit readiness activities: preparing teams and documentation for internal reviews, independent assessments (3PAO/IA), and government audits
  • Identify gaps in control implementation or operational processes and recommend practical, risk-informed mitigation strategies
  • Support continuous monitoring programs and contribute to ongoing ATO/cATO sustainment

Benefits

  • Premium health care plans (90% employer-paid)
  • Employee stock plan
  • 100% 401k match (up to IRS annual max)
  • Generous PTO package
  • Personal training and development budget
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service