Senior Governance Risk and Compliance (GRC) Analyst and Team Lead

About the Role

Your day-to-day responsibilities will include developing security authorization package documentation, such as the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M). You will also be responsible for creating and maintaining client relationships, serving as a Subject Matter Expert (SME) at key stakeholder meetings, and drafting security control implementation statements with enough detail to facilitate the testing of the controls.

You will be working closely with cross-functional teams, including security analysts, engineers, and project managers, to ensure the successful implementation of security and compliance projects. Your ability to lead multiple teams, work on multiple projects simultaneously, and prioritize tasks effectively will be essential to your success in this role.

What You Will Do

• Lead a team of security analysts and engineers to implement regulatory frameworks such as FISMA, FedRAMP, and StateRAMP
• Develop security authorization package documentation, including the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M)
• Create and maintain client relationships, serving as a Subject Matter Expert (SME) at key stakeholder meetings
• Draft security control implementation statements with enough detail to facilitate the testing of the controls
• Develop, review, and update supporting documentation, including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP)
• Conduct Security Impact Assessments (SIAs) on changes to information systems
• Create the Control Implementation Summary (CIS)/Customer Responsibility Matrix (CRM) workbook outline Cloud Service Provider (CSP) and customer responsibilities
• Develop, review, and update policies and procedures to support the implementation of the NIST 800-53 control families
• Leverage the next generation of Governance Risk and Compliance (GRC) tools to automate the creation of the SSP
• Review current security assessment and authorization processes and provide recommendations for improvement
• Develop Risk Assessment Reports (RAR) and provide guidance on NIST 800-53, FedRAMP, and StateRAMP control requirements

What We Are Looking For

• Minimum 8 years' experience in IT consulting specializing in Governance, Risk, and Compliance (GRC)
• Strong understanding of regulatory frameworks, including FISMA, FedRAMP, and StateRAMP
• Experience leading multiple teams and working on multiple projects simultaneously
• Excellent communication and interpersonal skills, with the ability to serve as a Subject Matter Expert (SME) at key stakeholder meetings
• Ability to work independently and prioritize tasks effectively
• Strong analytical and problem-solving skills, with the ability to identify and mitigate risks
• Experience with GRC tools and technologies, including Excel
• Ability to create and maintain client relationships and provide excellent customer service

Nice to Have

• Experience with cloud-based technologies, including Amazon Web Services (AWS) or Microsoft Azure
• Certification in a relevant field, such as CompTIA Security+ or CISSP
• Experience with Agile project management methodologies
• Knowledge of IT service management frameworks, such as ITIL

Benefits and Perks

• Competitive salary and benefits package
• Opportunity to work on high-impact projects and make a real difference
• Collaborative and dynamic work environment
• Professional development and growth opportunities
• Flexible work arrangements, including remote work options
• Access to cutting-edge technologies and tools
• Recognition and reward programs for outstanding performance
• Comprehensive health and wellness programs

• Be prepared to provide specific examples of your experience with regulatory frameworks, including FISMA, FedRAMP, and StateRAMP.
• Highlight your ability to lead multiple teams and work on multiple projects simultaneously, and be prepared to provide examples of your project management skills.
• Make sure your resume and cover letter are tailored to the job description, and that you have a strong understanding of the company's unique approach to client success enablement.
• Be prepared to discuss your experience with GRC tools and technologies, including Excel, and your ability to leverage these tools to automate tasks and improve efficiency.
• Research the company and the role thoroughly, and be prepared to ask informed questions during the interview process.
• Consider obtaining certifications, such as CompTIA Security+ or CISSP, to demonstrate your expertise and commitment to the field.
• Be prepared to discuss your experience with cloud-based technologies, including Amazon Web Services (AWS) or Microsoft Azure, and your ability to adapt to new technologies and frameworks.