OSC GlobalRemote
Cyber Security Analyst IV, Governance, Risk and Compliance
United States
Full Time
3 hours ago
$110,275 - $198,468 USD
No H1B
Key skills
CloudCyber SecurityAnalyticsLeadershipRisk Management
About this role
Role Overview
- Serve as a senior subject matter expert and program lead for the Governance, Risk, and Compliance (GRC) function supporting federal information systems
- Oversee enterprise GRC and RMF programs, ensuring consistency across multiple system authorizations and enclaves
- Direct the risk management process, ensuring risk identification, quantification and treatment strategies align with federal and agency guidance
- Lead assurance activities, validating that control implementations meet the intent of NIST 800-53 Rev.5 requirements
- Govern SSP and POA&M quality, establishing standards, templates and review checkpoints across systems
- Oversee cloud service provider assessments, ensuring proper inheritance of FedRAMP controls and shared responsibilities
- Provide leadership for privacy and data governance, ensuring integration of PIA activities into RMF documentation
- Develop and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure compliance and risk health
- Drive adoption of GRC automation, Continuous Controls Monitoring (CCM) and compliance analytics
- Serve as primary point of contact during audits, IG reviews and authorization package evaluations
- Mentor analysts and guide cross-functional teams on risk-informed decision-making and RMF optimization
Requirements
- Bachelor’s degree in Cybersecurity, Information Assurance, or a related technical discipline
- at least eight (8) years of progressive experience in cybersecurity, including experience leading RMF and FISMA compliance in a federal or contractor environment
- Expertise with NIST 800-37, NIST 800-53 Rev.5, and FISMA implementation
- Proven success managing enterprise risk, assurance, and audit readiness programs
- Knowledge of quantitative risk models (e.g., FAIR, ISO 31000) and risk dashboards
- Professional certifications such as CISSP, CISM, CRISC, CAP/CGRC, CIPP/US or similar
- Ability to pass a background and drug screening
- Must have identification compliant with the Real ID Act at time of hire
- Must be able to obtain Department of Energy access badge
- Must be able to obtain and maintain a U.S. government security clearance
Tech Stack
- Cloud
- Cyber Security
Benefits
- paid holidays
- paid time off
- 401k with employer match
- dental
- vision
- health insurance plans through the Federal Employee Health Benefits (FEHB) program
- life and disability benefits