Governance, Risk, and Compliance SME (Remote - US)

ITinfra

Yesterday
Secret
Mid Level Career (5+ yrs experience)
IT - Security

Why ITinfra?
• Small, growing, dynamic and fun company to work with
• We emphasize and foster professional growth by helping you set and achieve professional goals
• Exceptional health insurance benefits
• 401K, Paid Time Off (PTO)

Position Summary:
The Governance, Risk, and Compliance (GRC) SME is a cybersecurity expert responsible for leading and supporting the Assessment and Authorization (A&A) of Government or DoD information systems in alignment with the Risk Management Framework (RMF). This role ensures compliance with applicable cybersecurity policies and procedures, leveraging a deep understanding of NIST SP 800-53 security controls across complex IT infrastructures, including large and small enclaves, AIS applications, and outsourced services. The SME is also responsible for SSAE 18 / SOC 1 report support.
The GRC SME advises system owners and stakeholders throughout the RMF lifecycle, evaluating vulnerabilities, determining risk severity, and assessing implications for system authorization. The SME also prepares and delivers senior leadership briefings on system risk posture, audit readiness, and A&A progress.

Job Description:
• Perform security control assessments and RMF authorization activities for complex DoD systems and environments, including enclaves, cloud platforms, ICS/OT systems, and warehouse execution systems
• Apply expert knowledge of NIST SP 800-53 and DoD cybersecurity policy to assess compliance, identify gaps, and develop risk-based recommendations for remediation and system authorization
• Support the end-to-end A&A process by generating and reviewing RMF documentation packages (e.g., SSP, SAR, POA&M), ensuring alignment with DoD and federal compliance standards
• Serve as a cybersecurity SME on emerging technologies, providing risk analysis and control implementation guidance for cloud-based infrastructure, ICS, and other mission-critical technologies
• Coordinate with system owners, ISSMs, and cybersecurity leadership to implement and monitor Corrective Action Plans (CAPs) in response to audit findings and vulnerability assessments
• Manage and maintain audit and cybersecurity compliance documentation, including Prepared by Client (PBC) materials, policies, procedures, and alignment with Enterprise Operational Procedures and Requirements (EOPRs)
• Review evidence for IT control compliance; develop written analyses, support Corrective Action Plans (CAPs), and respond to Notices of Findings and Recommendations (NFRs) with appropriate documentation
• Support and monitor CAPs by conducting internal reviews, validating evidence, and verifying system access
• Provide compliance support for SOC 1 and SSAE 18 reporting related to internal systems and cloud service providers
• Respond to audit and information requests from DoD and Federal agencies, and participate in engagements with Independent Public Accountants (IPAs), including meetings, site visits, and evidence evaluations

Qualifications (Must Haves):
• Must possess at least an active Secret Clearance
• Must possess a DoD Approved 8570 Baseline Certification: Category IAM Level III (i.e., CISSP, CISM, or GSLC)
• Must have five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience within the DoD
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures