Governance Risk and Compliance (GRC) Analyst 1
Governance Risk and Compliance (GRC) Analyst 1
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
C2 Labs partners with clients on their IT transformation journey viadata-driven IT strategic planning application rationalization and redevelopment and innovativeresearch and development of new industry standards and technologies. C2 Labs provides
specialized products and services that allow our clients to innovate with speed and scaleseamlessly while maintaining a robust and effective security posture. C2 has a unique approachto client success enablement that is empowered by ART (Application Rationalization and
Transformation) and SCIENCE (Strategic Client Interview and Engineering to assess designand implement Cloud Ecosystems) to couple creative new approaches/technologies with provenmethodologies that deliver rapid results.
Must Live in the Knoxville Tennessee metro area and Must be a US Citizen and capable of passing a Public Trust background investigation. For a two year contract.
Job Summary:
As a Governance Risk and Compliance (GRC) Analyst 1 at C2 Labs you will work with ateam of security analysts and engineers to implement regulatory frameworks such as theFederal Information Security Modernization Act (FISMA) the Federal Risk Authorization
Management Program (FedRAMP) and the State Risk Authorization Management Program(StateRAMP). You will leverage GRC tools to develop security authorization packagedocumentation such as the System Security Plan (SSP) Security Assessment Plan (SAP)
Security Assessment Report (SAR) and the Plan of Actions & Milestones (POA&M) in humanreadable and machine-readable formats. You will draft security control implementationstatements with enough detail to facilitate the testing of the controls and will develop supporting
documentation including the Contingency Plan (CP) Incident Response Plan (IRP) andConfiguration Management Plan (CMP). As a GRC Analyst 1 your primary responsibility will beto ensure the timely development of the security authorization package in accordance with C2
Labs quality standards.
Job Responsibilities:
Categorize systems in accordance with Federal Information Processing Standards (FIPS) 199and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60. Select and tailor security controls by applying scoping guidance in accordance with NIST SP800-53 and FedRAMP specific guidance. Document the implementation characteristics forsecurity controls with enough detail to permit the testing of the security control by anindependent assessor/Third Party Assessment Organization (3PAO).
Develop review and update security authorization package documentation to includethe System Security Plan (SSP) Security Assessment Plan (SAP) Security AssessmentGovernance Risk and Compliance (GRC) Analyst 1Report (SAR) and Plan of Actions and Milestones (POA&M).
Develop review and update supporting documentation including the Contingency Plan(CP) Incident Response Plan (IRP) and Configuration Management Plan (CMP).
Conduct Security Impact Assessments (SIAs) on changes to information systems
Create the Control Implementation Summary (CIS)/Customer Responsibility Matrix(CRM) workbook outline Cloud Service Provider (CSP) and customer responsibilities.
Develop review and update policies and procedures to support the implementation ofthe NIST 800-53 control families.
Leverage the next generation of Governance Risk and Compliance (GRC) tools toautomate the creation of the SSP.
Review current security assessment and authorization processes and providerecommendations for improvement.
Develop Risk Assessment Reports (RAR).
Provide guidance on NIST 800-53 FedRAMP and StateRAMP control requirements.
Develop and deliver training to educate stakeholders on the various tasks and activitiesassociated with the RMF.
Qualifications:
Minimum 1-3 years experience in IT consulting specializing in Governance Risk andCompliance using the RMF.
CISSP CISM or CAP certification is preferred but not required.
Excellent communication and interpersonal skills with the ability to build a rapport andtrust with clients.
Knowledge of the cybersecurity industry to include regulatory frameworks such as theNational Institute of Standards in Technology (NIST) Risk Management Framework(RMF) Federal Risk Authorization Management Program (FedRAMP) Department ofDefense (DoD) Impact Levels (2-6) and the State Risk Authorization ManagementProgram (StateRAMP).Governance Risk and Compliance (GRC) Analyst 1
Possesses an in-depth understanding of the FedRAMP authorization process andassociated templates and deliverables.
Must have experience creating security authorization package documentation (i.e. SSPSAP. SAR & POA&M) and managing system authorization artifacts for a FedRAMPauthorized cloud environment.
Working knowledge of:
NIST SP 800-53 Security and Privacy Controls for Federal Information Systems andOrganizations
FedRAMP Security Controls Baselines (i.e. Low Moderate High and Li-SaaS)
StateRAMP Security Control Baselines (i.e. Low Impact Ready Low Impact AuthorizedModerate Impact Ready Moderate Impact Authorized)
NIST SP 800-37 Guide for Applying the Risk Management Framework to FederalInformation Systems
Must have strong technical writing skills.
Must be able to work independently under only general direction.
Must be able to interpret and provide consulting expertise on FedRAMP securityrequirements.
Must have extensive knowledge in reviewing analyzing and documenting the secureimplementation of logical controls physical controls environmental controls personnelsecurity and incident handling.
Experience preparing monthly continuous monitoring deliverables (e.g. vulnerabilityscans POA&Ms and asset inventory) for submission to the FedRAMP PMO.
Must be a US Citizen and capable of passing a Public Trust background investigation.
EOE STATEMENT:
We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race color religion sex national origin age disability or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.
Required Experience:
IC
Employment Type
Contract
