Senior GRC Analyst
Share
Job Location:
Houston, MS - USA
Monthly Salary:
Not Disclosed
Posted on:
15 hours ago
Vacancies:
1 Vacancy
Job Summary
Job Title: Senior GRC Analyst
Role Summary
We are seeking a Senior GRC Analyst with deep hands-on expertise in DoD and federal compliance programs particularly CMMC 2.0 Level 2 and FISMA in environments handling Controlled Unclassified Information (CUI). This role focuses on implementing validating and sustaining NIST SP 800-171 and NIST SP 800-53 controls; maintaining audit and authorization readiness; and collaborating cross-functionally with Engineering DevOps Cloud and Security teams to ensure controls are effectively implemented evidenced and continuously monitored.Key Responsibilities
- CMMC & DoD Compliance
Drive CMMC 2.0 Level 2 implementation and readiness for CUI-processing systems.
Implement validate track and remediate NIST SP 800-171 controls including evidence gathering and POA&M management.
Prepare for DoD assessments and third-party audits by ensuring full control implementation and traceability. - FISMA & Federal Security Requirements
Execute FISMA-aligned activities using NIST SP 800-53 (Moderate baseline).
Support federal authorization efforts including System Security Plan (SSP) updates control narratives evidence validation and continuous monitoring (ConMon).
Address audit findings and remediate gaps in collaboration with internal stakeholders. - Technical Control Validation
Partner with Engineering CloudOps and Security teams to validate technical controls in AWS-regulated environments covering:- Identity and Access Management (IAM)
- Logging monitoring and auditability
- Encryption (at rest and in transit)
- Vulnerability and configuration management
- Incident response and contingency planning
Review technical artifacts (e.g. architecture diagrams configurations logs) to confirm audit-ready evidence.
- Risk & Supply Chain Security
Perform security and risk assessments for systems services and changes involving CUI.
Conduct third-party/supply chain risk evaluations per DoD and federal standards.
Maintain risk registers track findings and manage remediation via POA&Ms.
Required Qualifications
Core Experience
- 6 years in GRC cybersecurity compliance or federal security programs.
- Direct hands-on experience with CMMC 2.0 Level 2 and/or DoD environments managing CUI.
- Proven collaboration with engineering/DevOps teams on control implementation (beyond advisory roles).
Technical & Framework Expertise
- Strong proficiency in:
- NIST SP 800-171 (protecting CUI)
- NIST SP 800-53 (FISMA Moderate baseline)
- FISMA requirements
- CMMC 2.0 framework
- Demonstrated ability to validate technical security controls in AWS cloud environments.
Documentation & Communication Skills
- Expertise in producing audit-ready documentation evidence packages control narratives and reports tailored to regulated/government audiences.
- Excellent written and verbal communication for cross-functional and executive/government interactions.
Preferred Qualifications
- Prior involvement in CMMC assessments or readiness programs.
- Experience supporting federal Authority to Operate (ATO) or authorization processes.
- Familiarity with CI/CD pipelines and cloud-native architectures.
- Background in defense government contracting or highly regulated federal environments.
- Relevant certifications (preferred):
- CMMC Registered Practitioner (RP)
- CISSP CISM or CISA
- Cloud security certifications (e.g. AWS Security Specialty)
Key Skills
- Splunk
- IDS
- Microsoft Access
- SQL
- Cybersecurity
- Intelligence Experience
- Malware Analysis
- Tableau
- Analysis Skills
- SAS
- Data Analysis Skills
- Analytics
