Job Title: GRC Analyst
Location: Hybrid – 2 days a week remote / 3 days a week DC area
Company: Three Sixty Corp
Job Type: Full-time, Contract
Job Description:
We are seeking a highly skilled Cybersecurity Policy and Documentation Analyst to join our team. The ideal candidate will proactively review, update, and maintain cybersecurity policies, guidance documents, directives, templates, and materials to ensure all documentation reflects and incorporates the most recent version of all of the organization's cybersecurity program documentation.
Key Responsibilities:
- Documentation Management: Review, update, and maintain cybersecurity policy, guidance documents, directives, templates, and materials.
- Cybersecurity and Privacy Requirements: Provide cybersecurity and privacy requirements and guidance.
- Workforce Management: Ensure a qualified and stable workforce by submitting pre-vetted and completed Security Clearance Packages for all proposed personnel.
- Meeting Support: Provide administrative and technical support for meetings, including scheduling, preparing briefing slides, agendas, handouts, and distributing meeting minutes.
- Monthly Meetings and Reports: Facilitate Monthly Status Meetings and provide Monthly Status Reports (MSR).
- Documentation Development: Develop, edit, format, and modify cybersecurity documentation, ensuring consistency in formatting, language, and structure.
- Gap Analysis: Conduct gap analysis of existing cybersecurity policies and recommend improvements.
- CSAM Inventory Review: Perform CSAM inventory review and update plan monthly.
- ATO Reporting: Report Authority to Operate (ATO) packages as required.
- Risk Metrics Reporting: Report OCY risk metrics to the Risk Register on a monthly basis.
- Cybersecurity Assessment and Management: Provide subject matter expertise in CSAM, manage POA&Ms, generate reports, and collaborate with stakeholders.
- Stakeholder Coordination: Work closely with stakeholders to gather necessary information for cybersecurity documentation.
- SharePoint Management: Maintain and organize SharePoint folders for the OS Cyber Security Team's Governance, Risk, and Compliance (GRC) documentation.
Qualifications:
- Minimum Qualifications: Meet the minimum qualifications specified in the CATTS Labor Category descriptions.
- Experience: Minimum of five (5) years of CyberSecurity Asset Management (CSAM) experience.
- Certification: Possess current CGRC Certification (https://www.isc2.org/certifications/cgrc) for Governance, Risk, and Compliance.
- Knowledge: Understanding of Government standards, requirements, and guidance from FISMA, NIST, CISA, and OMB.
- Reporting Skills: Proven experience in writing formal reports with minimal errors.
- Documentation Skills: Comprehensive knowledge of developing, editing, formatting, and modifying cybersecurity documentation.
Why Join Us:
- Work with a dynamic team of cybersecurity professionals.
- Opportunity to contribute to critical cybersecurity initiatives.
- Competitive compensation and benefits.