Governance, Risk, and Compliance (GRC) Analyst

Rapid Strategy San Antonio, TX $105000.00 to $115000.00 per year

Rapid Strategy is seeking a Governance, Risk, and Compliance (GRC) Consultant. Rapid Strategy is an award-winning, African-American-owned small business providing cybersecurity services to the private and public sectors. Based in Charlotte, NC, we support our clients across the North Carolina and DMV area. You can learn more about Rapid Strategy at www.RapidStrategy.io

This role is based in San Antonio, TX. Candidates must be local or within a commutable distance.

Roles and Responsibilities

  • Focus on attaining and maintaining ATO status for the CCAC accounting system in accordance with relevant regulations and timelines, demonstrating consistent progress and minimizing lapses.
  • Perform comprehensive assessments of the organization's GRC posture, particularly focusing on cybersecurity controls, policies, and procedures.
  • Evaluate compliance with established standards and communicate actionable recommendations.
  • Identify weaknesses, vulnerabilities, and areas of non-compliance within the organization's GRC landscape, conducting thorough assessments to gain a holistic understanding.
  • Collaborate with relevant stakeholders, including SAF/AA, 502 CS, ACC/A6, DISA, and others as required, to ensure alignment and effective risk management processes.
  • Lead the migration of accounting services to cloud-based platforms, ensuring compliance with ATO requirements for the new system and coordinating with cloud vendors for FedRAMP certification.
  • Recommend prescriptive strategies to address identified compliance gaps, vulnerabilities, and risks, aligning with industry standards and regulatory requirements.
  • Provide guidance and expertise on the interpretation and application of relevant standards and frameworks, ensuring alignment with organizational objectives and best practices.
  • Assist in documenting and maintaining security controls, policies, and procedures, ensuring compliance with government standards and updating documentation as needed.
  • Conduct regular reviews and audits to monitor compliance with established frameworks, identify areas for improvement, and enhance overall compliance posture.
  • Provide training and knowledge transfer sessions to internal stakeholders on GRC principles, compliance requirements, and risk management best practices.

Qualifications

  • International Information System Security Certification (ISC2), Certified in Governance Risk and Compliance (CGRC), or Certified Authorization Professional (CAP) certifications as per ISC2 standards.
  • Proficient in utilizing Enterprise Mission Assurance Support Service (eMASS), Information Technology Investment Portfolio System (ITIPS), and demonstrated experience with implementing the Risk Management Framework (RMF).
  • Familiarity with NIST Special Publications including 800-53r4, 800-37r2, and 800-60 for security and privacy controls, guidance on applying RMF to federal information systems, and federal information system categorization process.
  • Previous experience in GRC roles, preferably within government or defense sectors, with a strong understanding of cybersecurity controls, policies, and procedures.
  • Excellent communication skills with the ability to effectively communicate complex technical concepts to non-technical stakeholders and collaborate across cross-functional teams.
  • Strong analytical and problem-solving skills, with the ability to identify and address compliance gaps, vulnerabilities, and risks effectively.
  • Demonstrated ability to work collaboratively within cross-functional teams and foster a culture of compliance and risk management throughout the organization.

Please note that this position requires applicants to be U.S. citizens and based in the United States. Only individuals who meet these criteria will be considered for employment.

If selected for this role, you must complete a federally mandated criminal history background check, which will include a National Agency Check with Inquiries (NACI) and an Installation Records Check (IRC), within 30 days of hire.
