BASIC QUALIFICATIONS:

• 4+ years of experience with IT, information security, or cybersecurity, including GRC, compliance, risk management, or business operations
• 3+ years of experience with performing system or risk assessments or accreditations in accordance with FISMA, NIST 800-53, or the Risk Management Framework (RMF)
• 2+ years of experience in vulnerability management and reporting using Splunk and AWS Security Hub
• 2+ years of experience in a leadership or project management role, including leading cross-functional projects and managing operational metrics within regulated environments
• Experience analyzing impacts of new Common Vulnerabilities and Exposures (CVEs) and Known Exploited Vulnerabilities (KEVs) against a platform and providing justifications for risk ratings
• Experience conducting threat, compliance, vulnerability, and risk assessments of cloud-based networks and network and system analysis, reporting their results, and recommending measures to reduce risk to the platform or application tenants
• Experience with Splunk and AWS native tools, including AWS Inspector, and Security Hub, including security controls and services
• Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
• Bachelor’s degree
• CISSP, CISA, or CISM Certification

ADDITIONAL QUALIFICATIONS:

• Experience supporting internal and external security assessments and audits
• Experience with scripting and automation
• Experience with project management and reporting tools such as Jira, Confluence, and SharePoint
• Knowledge of approaches to securing and hardening high assurance boundary systems
• Knowledge of zero trust architectures
• Ability to thrive in a fast-paced environment and drive alignment across stakeholder groups
• Possession of excellent interpersonal skills to collaborate with other engineering teams
• AWS Cloud Practitioner, AWS Solutions Architect, or AWS Security Certification

Lead the planning and tracking of Governance, Risk, and Compliance (GRC) work efforts and deliverables, ensuring alignment with department objectives and regulatory timelines. Establish a centralized source for work efforts for prioritization and workforce planning. Organize and facilitate recurring team meetings, ensuring accountability, ownership, and progress tracking across initiatives. Develop and manage dashboards and reporting frameworks to track Service levels such as SLAs and SLRs, key performance indicators (KPIs), compliance posture, and risk metrics. Partner with workstream leads to ensure accurate, automated reporting to senior leadership and audit stakeholders on a regular schedule. Collaborate with workstream leads to translate high-level goals into detailed annual plans and actionable quarterly objectives with clear owners, milestones, and action items, ensuring effective implementation. Identify gaps and inefficiencies in current GRC operations. Work with workstream leads to design and implement improvements to workflows, tools, and processes. Define, communicate, and implement security architecture to support mission-critical operations and security assessments to maintain our client’s ATO and security requirements. Work with the clients’ GRC team and our internal product teams to ensure standards are met with information assurance and security requirements. Ensure up-to-date documentation to support audit readiness and organizational transparency. Due to the nature of work performed within this facility, U.S. citizenship is required.