14444 – Security GRC Analyst (onsite) – Austin, TX
Start Date: ASAP
Type: Temporary Project
Estimated Duration: 12+ months with possible extensions
Work Setting: 100% of the time at the Client’s site. No telecommuting or remote work. This is a non-negotiable requirement from the client.
Only candidates able to relocate as required should apply, to avoid removal from future consideration.
Required:
• Availability to work 100% of the time at the Client’s site in Austin, TX (required);
• Experience in cybersecurity GRC, system security planning, or information assurance (4+ years);
• Experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments (4+ years);
• Experience with NIST SP 800-53 and NIST Risk Management Framework (4+ years);
• Experience using GRC platforms, RSA Archer preferred (4+ years);
• Experience working with Information Owners and Custodians (4+ years);
• Experience with technical writing and documentation (4+ years);
• Ability to work independently on complex assignments (4+ years).
Preferred:
• Experience with DIR Security Control Standards (3+ years);
• Experience supporting ATO and continuous monitoring (3+ years);
• Experience in state or federal government cybersecurity programs (2+ years);
• CRISC or CISA certification.
Responsibilities include but are not limited to the following:
• Develop and maintain System Security Plans (SSPs), conduct Security Assessments, and facilitate Risk Assessments across assigned systems;
• Apply NIST SP 800‑53 controls and the NIST Risk Management Framework to guide security planning, compliance, and authorization activities;
• Manage and update security documentation, ensuring high‑quality technical writing and clear communication with stakeholders;
• Use GRC platforms—preferably RSA Archer—to track controls, risks, findings, and compliance evidence;
• Collaborate with Information Owners and Custodians to validate controls, gather system information, and support audit readiness;
• Support ATO processes, continuous monitoring activities, and adherence to DIR Security Control Standards;
• Contribute to cybersecurity governance efforts within state or federal programs, leveraging knowledge of information assurance and risk methodologies.