GRC Analyst

Raft
Summary
Join Raft, a customer-obsessed company focused on Distributed Data Systems, Platforms at Scale, and Complex Application Development, as a GRC Analyst. You will play a pivotal role in shaping and enforcing cybersecurity frameworks, collaborating with internal and external stakeholders to promote cybersecurity awareness and mitigate cyber risks. Responsibilities include designing, implementing, and maintaining GRC platforms, conducting risk assessments and audits, and ensuring compliance with federal policies and mandates. This role requires experience in supporting DoD programs, familiarity with NIST publications and GRC tools, and excellent communication skills. The position is remote with potential for up to 10% travel. Raft offers competitive benefits including fully covered healthcare, 401k matching, unlimited PTO, and education benefits.
Requirements
- Minimum of 2 years' experience in an ISSO or other GRC-related role supporting DoD programs at various classification levels
- Experience with NIST Special Publications such as NIST SP 800-53 & 800-171, FedRAMP, and/or CMMC
- Understanding of the various DoD impact levels & related compliance requirements for each level
- Experience with GRC tools such as ServiceNow, XACTA, eMASS, Archer, or SAP
- Proficient in conducting risk assessments, audits, and compliance monitoring within federal government environments
- Understanding of and experience with SIEM tools such as Splunk, Grafana, or ELK
- Experience managing GRC work for both on-prem & cloud-based systems & networks
- Experience conducting internal self-assessments and audits with external assessors
- Understanding of common cybersecurity tools and technologies such as vulnerability & compliance scanners, static & dynamic code analyzers, DLP, IDS, etc.
- Excellent communication skills with the ability to convey complex cybersecurity and compliance concepts, controls, & risk scenarios to technical and non-technical stakeholders
- Ability to translate GRC requirements into business risks and present to technical & non-technical Senior Leadership
- Ability to collaborate with and advise business units on governance structures and operational adjustments needed to align with governance frameworks
- Ability to identify gaps or conflicts in current policies and processes and work to develop solutions with internal business units
- Have, or be able to obtain, CompTIA Security+ or other DoD 8570 IAM Level I or higher certification within the first 90 days of employment with Raft
- Able to maintain a Top Secret/SCI Security clearance
Responsibilities
- Collaborate with internal and external stakeholders to promote cybersecurity awareness, education, training, communication, alignment, collaboration, and cooperation
- Drive the identification, assessment, and mitigation of cyber risks, ensuring a robust compliance posture that fosters trust and confidence among our government stakeholders
- Design, implement, and maintain the GRC platforms & tooling across Raft for both our corporate environment and those supporting classified programs
Preferred Qualifications
- Bachelor's degree in Cybersecurity, Information Assurance, Information Technology, or a related field
- CISSP
- CISA
- CISM
- CGRC
- PMI-RMP
- Ability to manage cross-functional teams and drive deliverables to completion
- Experience in developing and delivering cybersecurity training and awareness programs
Benefits
- Highly competitive salary
- Fully covered healthcare, dental, and vision coverage
- 401(k) and company match
- Unlimited PTO + 11 paid holidays
- Education & training benefits
- Annual budget for your tech/gadget needs
- Monthly box of yummy snacks to eat while doing meaningful work
- Remote, hybrid, and flexible work options
- Team off-site in fun places!
- Generous Referral Bonuses



