YOUR MISSION

We are seeking an experienced GRC Analyst to join our Information Security team at True Anomaly. The GRC Analyst will be a crucial asset in ensuring the security and compliance of our information assets. The ideal candidate should possess a minimum of 5 years of hands-on experience implementing NIST 800-171, NIST 800-53, and STIGs compliance across organizations, demonstrating a profound understanding of CMMC 2.0, DoD compliance frameworks, policy development, and cloud security best practices.

RESPONSIBILITIES

• Implement robust security procedures across True Anomaly's systems and platforms.
• Conduct information technology compliance assessments across various frameworks (e.g., NIST 800-171, 800-53, etc.), to include, but not limited to:
  • NIST SP 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (DFARS 252.204-7012).
  • NIST SP 800-53 Rev. 5, Security and Privacy Controls for Federal Information Systems and Organizations.
  • Framework for Improving Critical Infrastructure Cybersecurity - NIST Cybersecurity Framework (CSF)
  • Cybersecurity Maturity Model Certification (latest version)
  • Zero Trust, Resiliency

• Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (POA&Ms), and as well as necessary artifacts.
• Develop various policy documents (SOPs/CONOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments.
• Keep management apprised of impending areas of concern, verbally and in writing.
• Develop new, and mature existing information security and enterprise risk policies.
• Initiate, and lead on-going information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture.
• Produce and review key performance indicators for implemented security measures and distribute KPIs.
• Maintain knowledge of threat landscape by monitoring threat intelligence, and other related sources.
• Conduct internal audits to ensure unwavering adherence to DoD compliance standards.
• Collaborate with software engineers to fortify software and resolve vulnerabilities.

BASIC QUALIFICATIONS

• 5+ years of directly related experience in IT security assessment and Experience as an ISSM or ISSO a plus.
• Demonstrated understanding of NIST SP.800-171, NIST SP.800-171A, NIST SP.800-53, NIST SP.800-53A, FedRAMP and/or other similar federal government regulations and industry standards
• Verify and document the implementation of security controls necessary to achieve compliance.
• Understanding of a broad range of IT and information security risks
• Experience building and rolling out compliance policies
• Experience authoring corporate security policies (e.g., privacy, data, and records retention) and enterprise security
• At least 5 years of experience developing security standards, guidelines, and remediation planning based on best practices and industry
• Comprehensive understanding of incident response, system configuration, vulnerability management, and hardening guidelines within the DoD context

COMPENSATION

• Base Salary: $120,000 - $150,000
• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

ADDITIONAL REQUIREMENTS

• Work Location: Remote
• Schedule: must be available during core business hours (9am-2pm MST), Monday-Friday

This position will be open until it is successfully filled. To submit your application, please follow the directions below. #LI-Remote #LI-DNI