Senior Analyst, Security Governance Risk & Compliance

BlackSky
Summary
Join BlackSky, a real-time intelligence company, as a Senior Analyst in Security Governance Risk & Compliance (GRC). This role supports the global security team, focusing on security program governance, risk management, and regulatory/customer compliance. You will report compliance requirements to internal and external stakeholders, manage security risk and configuration management functions, lead efforts to update security policies, and monitor compliance standard changes. The ideal candidate possesses at least five years of GRC experience, a bachelor's degree in cybersecurity or computer science, and relevant certifications. While preference is given to candidates near Seattle, WA or Herndon, VA, remote work may be considered for certain states. BlackSky offers a comprehensive benefits package including medical, dental, vision, paid time off, 401k matching, and professional development opportunities.
Requirements
- At least five years of experience in Governance Risk and Compliance
- Bachelor's degree or equivalent, preferably in cybersecurity or computer science
- Experience using GRC software
- CISA, CISSP, CISM or equivalent security certification
- Experience with, or an understanding of, managing CMMC 2.0 Level 2 compliance requirements, including leading interactions with DIBCAC and/or C3PAO assessors and responding to requests for compliance evidence
- Experience managing SOX/ITGC and 404B compliance requirements, including leading interactions with external auditors and responding to requests for compliance evidence
- Experience developing strategic, technical, and compliance related documentation, artifacts and reports
- Exceptional verbal and written communication skills, with the ability to communicate complex compliance issues clearly to diverse audiences
- This position requires U.S. citizenship
Responsibilities
- Report on regulatory and customer compliance requirements, including interfacing with internal stakeholders (e.g., Director of Security, Director of Information Technology and broader IT Team, and Vice President of Audit) and external stakeholders (e.g., customer Security POCs, external auditors, third-party assessors)
- Manage day-to-day activities of Security Risk Management and Secure Configuration Management functions (e.g., Change Authorization Board; review software and hardware inventories for deviations or risks; manage security risk exception process)
- Lead efforts related to security program governance such as updating, developing, and performing annual reviews of corporate security policies, procedures, and standards
- Continuously monitor changes to compliance standards, regulations, and industry best practices, and communicate impacts to relevant stakeholders
- Other job-related duties as assigned
Preferred Qualifications
- Experience managing UK Cyber Essentials compliance requirements
- Experience managing FedRAMP Moderate (NIST 800-53 Moderate) compliance requirements
- Previous experience implementing automated evidence gathering using APIs
- Experience managing GRC software from implementation to operation
- Ability to proactively identify emerging compliance trends and translate them into actionable recommendations
Benefits
- Medical, dental, vision, disability, group term life and AD&D, voluntary life and AD&D insurance
- BlackSky pays 100% of employee-only premiums for medical, dental and vision and contributes $100/month for out-of-pocket expenses!
- 15 days of PTO, 11 Company holidays, four Floating Holidays (pro-rated based on hire date), one day of paid volunteerism leave per year, parental leave and more
- 401(k) pre-tax and Roth deferral options with employer match
- Flexible Spending Accounts
- Employee Stock Purchase Program
- Employee Assistance and Travel Assistance Programs
- Employer matching donations
- Professional development
- Mac or PC? Your choice!
- Awesome swag