OSC Technical Solutions is seeking a Cyber Security Analyst IV to serve as a senior subject matter expert for the Governance, Risk, and Compliance (GRC) function supporting federal information systems. The role involves defining RMF strategies, managing risk posture, and providing executive-level insights on compliance performance and authorization readiness.
Responsibilities:
- Oversee enterprise GRC and RMF programs, ensuring consistency across multiple system authorizations and enclaves
- Direct the risk management process, ensuring risk identification, quantification and treatment strategies align with federal and agency guidance
- Lead assurance activities, validating that control implementations meet the intent of NIST 800-53 Rev.5 requirements
- Govern SSP and POA&M quality, establishing standards, templates and review checkpoints across systems
- Oversee cloud service provider assessments, ensuring proper inheritance of FedRAMP controls and shared responsibilities
- Provide leadership for privacy and data governance, ensuring integration of PIA activities into RMF documentation
- Develop and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure compliance and risk health
- Drive adoption of GRC automation, Continuous Controls Monitoring (CCM) and compliance analytics
- Serve as primary point of contact during audits, IG reviews and authorization package evaluations
- Mentor analysts and guide cross-functional teams on risk-informed decision-making and RMF optimization
- Perform other duties as appropriate and as assigned
Requirements:
- Bachelor's degree in Cybersecurity, Information Assurance, or a related technical discipline and at least eight (8) years of progressive experience in cybersecurity, including experience leading RMF and FISMA compliance in a federal or contractor environment, or an equivalent combination of education, experience and training
- Ability to pass a background and drug screening
- Must have identification compliant with the Real ID Act at time of hire
- Must be able to obtain Department of Energy access badge
- Must be able to obtain and maintain a U.S. government security clearance
- In-depth expertise with NIST 800-37, NIST 800-53 Rev.5, and FISMA implementation
- Proven success managing enterprise risk, assurance, and audit readiness programs
- Knowledge of quantitative risk models (e.g., FAIR, ISO 31000) and risk dashboards
- Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others
- Ability to work independently, as well as on a team, with minimal supervision
- Ability to make decisions, solve problems, and exercise excellent judgment and analytical skills
- Ability to work well under pressure and independently prioritize workload while working on multiple projects
- Ability to research, organize and analyze technical information with particular attention to accuracy and details
- Excellent written and verbal communication skills, including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills
- Proficient using Microsoft Office products, such as Word, Excel and PowerPoint, and industry-standard computer software and databases
- High degree of sensitivity regarding confidential information
- Sufficient fine motor skills for the use of computers and calculators, with the ability to withstand repetitive keyboarding for extended periods of time
- Visual and communications ability adequate to perform the essential functions of the job
- Ability to kneel, bend and twist at the waist on an occasional basis
- Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion
- Ability to push, pull, carry, and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis
- Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle
- Experience with enterprise GRC solutions (e.g., RegScale, ServiceNow GRC, Archer, eMASS, or similar)
- Expertise in FedRAMP, supply chain risk and vendor assurance
- Demonstrated leadership in cross-domain governance (cyber, privacy and mission systems)
- Experience with privacy program implementation and integration
- Relevant certifications such as CISSP, CISM, CRISC, CAP/CGRC, CIPP/US or similar