serve as an experienced practitioner within the organization’s GRC program
managing NIST RMF lifecycle activities
conducting risk and control assessments
coordinating assurance and privacy initiatives for federal information systems
ensuring security documentation, continuous monitoring and remediation efforts meet FISMA and NIST standards
supporting ongoing authorization and compliance maturity
lead system-level RMF activities
conduct independent risk assessments
manage POA&M lifecycle
perform control assurance reviews
coordinate cloud and third-party compliance assessments
support privacy compliance
generate and present risk and compliance status reports
provide mentorship and guidance to junior analysts
collaborate across Security, IT and Privacy teams

Bachelor’s degree in Cybersecurity, Information Systems, or related technical discipline
five (5) years of progressive experience in cybersecurity, including experience supporting or leading FISMA RMF compliance or cybersecurity governance functions
ability to pass a background and drug screening
identification compliant with the Real ID Act at time of hire
able to obtain Department of Energy access badge
able to obtain and maintain a U.S. government security clearance
proficiency with GRC platforms (e.g., RegScale, ServiceNow GRC, Archer, eMASS or similar)
experience coordinating FedRAMP Moderate or High inheritance reviews
certifications such as CISM, CISA, CAP/CGRC, CRISC or CIPP/US

paid holidays
paid time off
401k with employer match
dental
vision
health insurance plans through the Federal Employee Health Benefits (FEHB) program
life and disability benefits

Cyber Security Analyst III – Governance, Risk and Compliance

Key skills