Senior GRC Specialist

Aquia

Remote regions

US

Governance, Risk, and Compliance:

  • Own and manage POA&M lifecycle activities: tracking findings, coordinating remediation, validating closure, and maintaining accurate documentation.
  • Support FISMA compliance programs, including evidence collection, continuous monitoring, and coordination with system owners and ISSOs/ISSMs.
  • Apply NIST SP 800-53 and NIST SP 800-37 (RMF) to assess control implementation, support authorization activities, and maintain system security postures.

Operational Reporting and Audits:

  • Manage and report on SLAs and availability metrics for IT and cybersecurity operations, surfacing trends and flagging risks.
  • Develop and maintain operational reporting for internal leadership and government stakeholders — translating compliance and operational data into clear, actionable insight.
  • Lead audit readiness activities: preparing teams and documentation for internal reviews, independent assessments (3PAO/IA), and government audits.

Remediation and Continuous Monitoring:

  • Identify gaps in control implementation or operational processes and recommend practical, risk-informed mitigation strategies.
  • Support continuous monitoring programs and contribute to ongoing ATO/cATO sustainment.
  • Demonstrate experience with eMASS or similar GRC platforms and familiarity with FedRAMP, DoD CC SRG, or agency-specific overlays.

Aquia

Aquia is a Veteran-founded digital services firm that helps the government modernize and secure its systems and processes. Named the “#1 Best Remote Startup to Work For in 2025” by Built In and a certified “Great Place to Work” for five years in a row, we prioritize outcomes over outputs.
