Incident Management / Governance Risk Compliance (GRC) - HHS STIM

cFocus Software is seeking a highly skilled Incident Management / Governance Risk and Compliance (GRC) Engineer IV with expertise in RSA Archer to support the Security Tools and Infrastructure Modernization (STIM) contract with the U.S. Department of Health and Human Services (HHS). The Engineer will be responsible for the administration operations troubleshooting and integration of the enterprise GRC platform to ensure compliance reporting accuracy and enterprise-wide risk management. This role requires deep expertise in RSA Archer database administration and incident management practices.

Responsibilities

• Administer operate and maintain the enterprise RSA Archer GRC platform and interconnected systems.

• Partner with Security and Infrastructure teams to ensure system availability and reliability.

• Configure and enhance RSA Archer to meet evolving business requirements and design changes.

• Troubleshoot and optimize data feeds stakeholder notifications and reporting workflows.

• Provide technical support and training to RSA Archer users ensuring adoption and proper navigation of GRC processes.

• Manage enterprise GRC user accounts including bulk uploads account provisioning and troubleshooting.

• Support integration of Archer with other enterprise systems for data exchange and reporting.

• Assist stakeholders with data imports/exports validating templates and generating actionable reports for management.

• Support database administrators with SQL performance tuning upgrades and database change planning.

• Collaborate with system administrators and DBAs to develop upgrade strategies with milestones checklists and fallback plans.

• Respond to and support incident management activities including containment remediation and escalation.

• Document and maintain system designs processes and service records.

• Ensure compliance with federal security frameworks including CIS Controls NIST SP 800-53 Rev. 5 and DISA STIGs.

• Collaborate with cross-functional IT teams to support infrastructure modernization projects.

• Mentor junior engineers and provide technical leadership in GRC and incident response best practices.

• Participate in a 24/7/365 on-call rotation for enterprise GRC and incident management support.

Required Experience

• 8 years of IT security and GRC experience in federal or enterprise environments.

• Demonstrated expertise with RSA Archer administration configuration and troubleshooting.

• Experience managing enterprise networking and security infrastructure including firewalls IDS/IPS VPNs and packet capture tools.

• Strong proficiency with SQL performance tuning database administration and data maintenance.

• Proven ability to detect investigate and remediate incidents in a large enterprise environment.

• Familiarity with LAN/WAN troubleshooting throughput optimization and network problem resolution.

• Strong communication and stakeholder engagement skills with ability to explain technical concepts to non-technical audiences.

Education & Certifications

• Bachelors degree in Computer Science Information Systems Cybersecurity or related field (or equivalent combination of education and experience).

• Preferred certifications include: RSA Archer certifications CISSP CISM or CRISC.

Clearance Requirement

• Must be eligible to obtain and maintain a Public Trust (High-Risk Level 5) clearance.