Senior Information Assurance Analyst

About The Position

Requirements

• Bachelor’s degree and three (3) years of experience in cybersecurity, information assurance, or risk management roles.
• In lieu of a degree, an additional two (2) years of experience in a related technology or risk management field and relevant industry certifications are required.
• At least 2 years of hands-on GRC specific experience supporting risk assessments, security control evaluations, compliance requirements and remediation efforts
• Demonstrated expertise applying NIST frameworks and risk management principles to assess control implementation, evaluate risk posture, and identify compliance gaps
• Demonstrated experience developing, prioritizing, and managing Plans of Action and Milestones (POA&Ms), including remediation planning and risk reduction activities
• Demonstrated experience managing, building, or supporting workflows within a GRC platform, including risk, issue, and remediation tracking
• Strong written and verbal communication skills with the ability to translate complex risk, control, and compliance concepts into clear, actionable language
• Ability to manage and prioritize multiple concurrent workstreams while maintaining focus on long-term program objectives
• Ability to perform effective research and analysis through stakeholder interviews, workshops, and document review.
• Must be a citizen of the United States

Nice To Haves

• Holds at least one industry accepted, relevant certification such as Security+, CISM, CISA, CRISC, CISSP, CCSP.
• Experience supporting long-term or multi-year client engagements and operating within established service delivery models
• Experience working with ServiceNow GRC functionality, including risk management, policy and compliance management, issue and remediation tracking, and reporting workflows.
• Experience collaborating with different stakeholders and service providers in a multi-vendor or shared-responsibility environment

Responsibilities

• Lives by the NuHarbor values: Help Clients Win, Always Improve, Protect the House
• Serves as a senior Information Assurance and GRC resource supporting a long-term strategic client engagement
• Works directly with client stakeholders and third-party service providers to support ongoing GRC activities, assessments, and operational initiatives
• Supports execution and continuous improvement of governance, risk, and compliance processes aligned to NIST principles
• Leads application of NIST 800-53 and NIST risk management and assessment principles to identify control gaps and risks, and to develop, prioritize, and manage POA&M-driven remediation and risk reduction strategies.
• Contributes to refinement of GRC workflows, reporting, and compliance tracking capabilities, and supports operational integration of GRC services across security operations and long-term delivery models
• Participates in stakeholder meetings, workshops, and information gathering activities across the client and vendor ecosystem
• Owns and develops GRC and security program documentation and artifacts, ensuring ongoing accuracy, consistency, and alignment to program requirements
• Synthesizes and communicates risk, compliance, and control information in a clear, actionable, and audience appropriate manner.

Benefits

• competitive salary and benefits
• paid time to give back in your community
• generous PTO