GRC Analyst (Junior)
Location: Remote with rare on-site presence in DC
Clearance: Public Trust
Job Summary: We are seeking a proactive and detail-oriented Cybersecurity Information Assurance Engineer (Junior) / GRC Analyst (Junior) to support the development of information systems assurance programs and enhance the organization’s governance, risk, and compliance (GRC) processes. Under general supervision, the GRC Analyst will assist in implementing security control guidelines, resolving technical issues, and supporting the development of new dashboards, metrics, and automated functionality. The successful candidate will also contribute to federal compliance initiatives, conduct market research, and help streamline cybersecurity operations through automation and policy adherence.
Key Responsibilities:
- Assist in developing and implementing information systems assurance programs and security control guidelines to ensure compliance with cybersecurity best practices.
- Support the resolution of technical issues, prioritization of tasks, and development of methods to enhance cybersecurity operations.
- Prepare activity and progress reports related to information systems audits, ensuring accurate documentation of cybersecurity efforts.
- Develop new dashboard views to support the Cybersecurity Framework (CSF) and establish performance metrics for improved reporting and decision-making.
- Define processes for leveraging data from the Continuous Diagnostics and Mitigation (CDM) dashboard and provide support for stakeholder training on its usage.
- Assist in the automation of existing processes using Power Apps or similar tools to improve operational efficiency.
- Analyze and review emerging federal information security and privacy policies, directives, and mandates, ensuring timely compliance with specified requirements.
- Track the ownership of policies and procedures, ensuring the associated implementation timelines are adhered to and compliance requirements are met.
- Conduct market research and assist in establishing a roadmap for modernizing the organization’s Governance, Risk, and Compliance (GRC) tool, identifying key requirements for improvement.
- Support agency-led High Value Asset (HVA) assessments in compliance with the Cybersecurity and Infrastructure Security Agency (CISA) Assessment Evaluation and Standardization (AES) Program.
- Update and enhance the organization’s Entity-Wise Business Impact Analysis (EWBIA) to align with evolving business and cybersecurity needs.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- Minimum 2 years of experience in cybersecurity or related fields, with exposure to governance, risk, and compliance processes.
- Holds an IAT Level II certification (e.g., CompTIA Security+, GIAC, or equivalent).
- Familiarity with the Cybersecurity Framework (CSF) and Continuous Diagnostics and Mitigation (CDM) dashboard concepts.
- Basic understanding of automation tools such as Power Apps; experience with process automation is a plus.
- Knowledge of federal cybersecurity and privacy mandates, with the ability to analyze and assist in the implementation of new policies.
- Strong attention to detail and the ability to manage multiple tasks effectively.
- Excellent communication skills, with the ability to prepare reports and documentation for various audiences.
Preferred Skills:
- Exposure to High Value Asset (HVA) assessments and familiarity with CISA’s Assessment Evaluation and Standardization (AES) Program.
- Experience in conducting Entity-Wise Business Impact Analysis (EWBIA) or similar processes.
- Basic understanding of API development to support automation and data integration efforts.