Note: The job is a remote job and is open to candidates in USA. IBSS is a woman-owned small business providing transformational consulting services to various sectors. The Senior GRC Analyst / Senior ISSO will support cybersecurity governance, risk management, and compliance initiatives, ensuring adherence to standards and managing compliance documentation.
Responsibilities
- Develop, maintain, and update cybersecurity policies, standards, procedures, and supporting documentation
- Support policy-to-control mapping and traceability activities across multiple frameworks
- Coordinate annual policy reviews and assist with compliance reporting activities
- Research cybersecurity laws, regulations, standards, and guidelines relevant to client environments
- Conduct system-level and scoped enterprise risk assessments aligned with NIST SP 800-30 methodologies
- Identify threats, vulnerabilities, likelihood, impact, and overall risk ratings
- Develop risk assessment reports and remediation recommendations
- Maintain and track risks within centralized risk registers
- Support vendor risk management activities, including third-party security questionnaire and SOC report reviews
- Independently develop and maintain System Security Plans (SSPs) for frameworks such as NIST SP 800-53 and NIST SP 800-171
- Document control implementation statements and validate supporting evidence
- Identify incomplete, inaccurate, or insufficient artifacts and coordinate directly with technical stakeholders to obtain corrected evidence
- Support readiness efforts for frameworks such as CMMC, HIPAA, ISO 27001, SOC 2, and FedRAMP
- Participate in internal and external audit engagements, evidence collection activities, stakeholder interviews, and remediation tracking efforts
- Maintain POA&Ms and compliance remediation trackers
- Contribute improvements to internal GRC methodologies, templates, checklists, and delivery processes
- Provide mentorship and informal guidance to junior team members, apprentices, and interns
- Escalate complex issues and risks to senior leadership as appropriate
- Participate in monthly volunteer efforts supporting environmental and humanitarian initiatives
Skills
- Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or related field; OR equivalent cybersecurity coursework and practical experience
- 10 to 12 years of hands-on cybersecurity GRC experience
- One or more of the following certifications: CCSP, CISA, CISM, CISSP
- Experience supporting or documenting compliance activities aligned with: NIST SP 800-53, NIST SP 800-171, CMMC
- Experience developing or maintaining System Security Plans (SSPs)
- Ability to independently identify evidence gaps and request corrected artifacts from stakeholders
- Strong written and verbal communication skills
- Ability to work independently and within a team environment
- Familiarity with FedRAMP environments and federal compliance requirements
- Security+, CAP, CCP, or similar cybersecurity certification preferred but not required
- Experience supporting federal clients or regulated environments preferred
- Public Trust eligibility required; Secret clearance eligibility preferred
Benefits
- Medical, dental, vision, and prescription drug coverage with a company-paid deductible
- Paid time off
- Federal holidays
- A matching 401K plan
- Tuition/professional development reimbursement
- Flex-Spending (FSA)/Dependent Care Account (DCA) options
Company Overview