Sr. GRC Analyst

Virginia Information Technologies Agency
Richmond, VA
Hybrid

About The Position

Are you the person who finds what everyone else misses? The Virginia Department of Taxation’s Office of Information Security is looking for a Senior GRC (Governance, Risk and Compliance) Analyst who brings curiosity, initiative, and a sharp eye for detail to our security program. In this role, you won't just check boxes. You'll dig into the details, ask the hard questions, and help us build a security program that's as strong in practice as it is on paper.

Please note that this is an Agency Only recruitment. Only current Virginia Department of Taxation employees will be considered for this recruitment.

This position is located in our Central Office in downtown Richmond, Virginia. This position is eligible for a hybrid telework schedule. The anticipated hiring salary is $130,000 commensurate with experience.

As a member of the Virginia Tax team, you can expect additional benefits such as:

  • Job stability and quality of life! Enjoy your work/life balance with flexible schedule options and up to two days of telework per week.
  • 12 Paid State holidays on top of vacation, sick, volunteer, and personal leave!
  • Comprehensive and affordable health benefits.
  • Got student loans? You may be eligible for the Public Service Loan Forgiveness program.
  • Participation in the Virginia Retirement System, VA 457 Deferred Comp, and more.

At Virginia Tax… We are dedicated, resourceful individuals who strive to exceed our customers’ expectations. Not only do we serve the public, we are the public. We are a part of a community that cares about and celebrates each other, who promote opportunities for growth within a stable environment, and support a healthy work-life balance. What we do matters. So do you.

Requirements

  • Working knowledge and experience in cybersecurity, information assurance, or a directly related field with demonstrated GRC responsibilities
  • Ability to support audit activities, including evidence gathering and auditor inquiry response
  • Ability to read and critically evaluate System Security Plans (SSPs) and identify gaps in control descriptions and scope
  • Experience conducting control assessments through artifact review and technical observation
  • Working knowledge of at least one applicable regulatory framework such as IRS 1075, PCI DSS, or state privacy laws
  • Strong written and verbal communication skills, with demonstrated ability to work across technical and non-technical stakeholders
  • CompTIA Security+, CEH, or equivalent foundational certification

Nice To Haves

  • Hands-on experience with the NIST Risk Management Framework (RMF), including risk assessment, POA&M management, and continuous monitoring
  • Knowledge of Commonwealth of Virginia Information Security Standards and Guidelines, IRS Publication 1075, Payment Card Industry Data Security Standards, and other industry security standards
  • Experience translating organizational practices and procedures into formal control language
  • Familiarity with multiple regulatory frameworks and the ability to assess controls against them simultaneously
  • Experience identifying undocumented security practices and formalizing them into written procedures
  • Advanced certification such as CISSP, CISM, or CRISC

Responsibilities

  • Identify, assess, and document organizational risks, and hold stakeholders accountable for resolving them
  • Review System Security Plans (SSPs) to ensure controls are accurately and completely described, and engage stakeholders when there are concerns
  • Test and verify that security controls are actually working the way they're supposed to, across their full scope
  • Support internal and external audit events, from evidence gathering to finding consolidation
  • Manage Plans of Action and Milestones (POA&Ms) from identification through remediation
  • Develop security procedures that turn what the organization actually does into clear, documented practice
  • Provide input on security policies and standards to help keep them relevant and accurate

Benefits

  • Job stability and quality of life!
  • Enjoy your work/life balance with flexible schedule options and up to two days of telework per week.
  • 12 Paid State holidays on top of vacation, sick, volunteer, and personal leave!
  • Comprehensive and affordable health benefits.
  • Got student loans? You may be eligible for the Public Service Loan Forgiveness program.
  • Participation in the Virginia Retirement System, VA 457 Deferred Comp, and more.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1-10 employees
