Governance Risk Compliance Analyst

1 month ago


Washington, United States Dine Development Corporation Full time
Job Summary:

NOVA-Dine is seeking a Governance Risk Compliance Analyst to join their growing team. The candidate will proactively review, update, and maintain cybersecurity policy, guidance documents, directives, templates, and materials to ensure all documentation reflects and incorporates the most recent version of all Government cybersecurity program documentation.

*This position is dependent upon position award*

Job Duties and Responsibilities:

With direction, the candidate will provide cybersecurity and privacy requirements and guidance, including, but not limited to, the following:
  • Provide a qualified and stable workforce, submitting pre-vetted and completed Security Clearance Package for all proposed personnel.
  • Provide meeting support and documentation, e.g., provide administrative and technical support for meetings, as required; coordinate scheduling and meeting notifications including the preparation of briefing slides, agendas, handouts, and other supplementary materials; prepare and distribute meeting minutes including action items/tasking/due outs and responsibility matrix for all meetings with the Government; have all action items clearly delineated with due dates and task owners.
  • Facilitate a Monthly status meeting.
  • Provide a Monthly Status Report (MSR).
  • Develop, edit, format, and modify cybersecurity documentation, including policies, standards, procedures, user manuals, and other related materials, ensuring consistency in formatting, language, and structure across all documentation.
  • Provide a gap analysis, with recommendations for improvement, of existing cybersecurity policies, handbooks, standards, and procedures, and recommend disposition (i.e., continued use as is, needs revision, or rescind).
  • Perform Cybersecurity Assessment and Management (CSAM) inventory review and update plan with schedule monthly.
  • Report Authority To Operate (ATO) packages to the Government as required.
  • Conduct Supply Chain Risk Assessments, ensuring that IT Checklists are properly vetted to meet data security requirements. This process should be integrated into the overall risk management framework and should inform the development and updating of cybersecurity policies and procedures.
  • Report Government risk metrics to the Risk Register on a monthly basis based on the deliverables schedule.
  • Provide demonstrated subject matter expertise in CSAM performing the following tasks:
      • Review security assessments and upload relevant documentation to CSAM.
      • Manage Plans of Action and Milestones (POA&Ms), including creating POA&M reports.
      • Develop CSAM administration skills, manage user accounts, and provide 1-on-1 training to users.
      • Generate reports and ensure CSAM compliance.
      • Collaborate with stakeholders, including Information System Security Officers (ISSOs), to update data in CSAM.
  • Work closely with all relevant stakeholders to complete data calls and gather necessary information for the development, review, and updating of cybersecurity documentation. This may involve coordinating with various teams, conducting interviews, and collecting data from multiple sources.
  • Manage SharePoint Cyber Security Team Folders performing the following tasks:
      • Maintain and organize the SharePoint folders for the Cyber Security Team's Governance, Risk, and Compliance (GRC) documentation.
      • Ensure proper access controls and permissions are set for the relevant stakeholders.
      • Implement a folder structure and naming conventions that facilitate easy navigation and retrieval of documents.
      • Regularly review and archive outdated or obsolete documents to keep the folders organized and up to date.
  • Have demonstrated understanding of Government standards, requirements, and guidance from entities including but not limited to Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), Office of Management and Budget (OMB).
  • Have proven experience in writing formal reports with minimal errors and performing research, documenting findings, performing analysis, and making recommendations based on research.
  • Have comprehensive knowledge of developing, editing, formatting, and modifying cybersecurity documentation, including policies, standards, procedures, user manuals, and other related materials, ensuring consistency in formatting, language, and structure across all documentation.
  • Other duties as assigned.


Job Requirements (Education/Skills/Experience):

Education: BS/BA in appropriate field (or equivalent)

Experience: 6+ years of CyberSecurity Asset Management (CSAM) experience

Certifications: CGRC Certification, minimum

Clearance: Public Trust - Must have ability to obtain

Work Schedule: Minimum of three (3) days per work week on site.

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC's ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.

