OSC Technical Solutions is seeking a Cyber Security Analyst III to manage their Governance, Risk, and Compliance (GRC) program. The role involves leading NIST RMF lifecycle activities, conducting risk assessments, and ensuring compliance with FISMA and NIST standards for federal information systems.
Responsibilities:
- Lead system-level RMF activities, ensuring SSPs, risk assessments and POA&Ms are current and complete
- Conduct independent risk assessments, evaluating the impact and likelihood of findings and recommending mitigation strategies
- Manage POA&M lifecycle, ensuring closure of findings through remediation or documented risk acceptance
- Perform control assurance reviews, validating implementation and effectiveness across control families
- Coordinate cloud and third-party compliance assessments, reviewing FedRAMP packages and continuous monitoring deliverables
- Support privacy compliance, ensuring alignment with NIST privacy requirements
- Generate and present risk and compliance status reports to system owners and cybersecurity leadership
- Provide mentorship and guidance to junior analysts on RMF and GRC documentation standards
- Collaborate across Security, IT and Privacy teams to ensure alignment between operational controls and compliance objectives
- Perform other duties as appropriate and as assigned
Requirements:
- Bachelor's degree in Cybersecurity, Information Systems, or related technical discipline and five (5) years of progressive experience in cybersecurity, including experience supporting or leading FISMA RMF compliance or cybersecurity governance functions, or an equivalent combination of experience, education and training
- Ability to pass a background and drug screening
- Must have identification compliant with the Real ID Act at time of hire
- Must be able to obtain Department of Energy access badge
- Must be able to obtain and maintain a U.S. government security clearance
- Strong working knowledge of NIST SP 800-37, NIST SP 800-53 Rev. 5 and FISMA implementation
- Ability to produce metrics dashboards and executive compliance reports
- Demonstrated ability to lead risk assessments, control validations and POA&M tracking
- Familiarity with privacy controls, cloud compliance and continuous monitoring
- Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others
- Superior organizational, follow-up and detail-oriented skills
- Strong ability to analyze documents and categorize appropriately
- Ability to maintain accurate records
- Work independently, as well as on a team and with minimal supervision
- Make decisions, solve problems and exercise excellent judgment
- Work well under pressure and independently prioritize workload, while working on multiple projects
- Ability to research, organize and analyze technical information with particular attention to accuracy and detail
- Excellent written and verbal communication skills, including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills
- Proficient using Microsoft Office products, such as Word, Excel and PowerPoint, and industry-standard computer software and databases
- High degree of sensitivity regarding confidential information
- Sufficient fine motor skills for the use of computers and calculators, with an ability to withstand repetitive keyboarding for extended periods of time
- Visual and communications ability adequate to perform the essential functions of the job
- Ability to kneel, bend and twist at the waist on an occasional basis
- Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion
- Ability to push, pull, carry and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis
- Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle
- Proficiency with GRC platforms (e.g., RegScale, ServiceNow GRC, Archer, eMASS or similar)
- Experience coordinating FedRAMP Moderate or High inheritance reviews
- Certifications such as CISM, CISA, CAP/CGRC, CRISC or CIPP/US
- Demonstrated success leading cross-functional audit or authorization activities