Security GRC Analyst; onsite

14444 – Security GRC Analyst (onsite) – Austin, TX

Start Date:

ASAP

Type:
Temporary Project

Estimated Duration: 12+ months with possible extensions

Work Setting: 100% of the time at the Client’s site. No telecommuting or remote work. This is a non‑negotiable requirement from the client.

Only candidates able to relocate as required should apply to avoid removal from future consideration.

• Availability to work 100% of the time at the Client’s site in Austin, TX (required);
• Experience in cybersecurity GRC, system security planning, or information assurance (4+ years);
• Experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments (4+ years);
• Experience with NIST SP 800‑53 and NIST Risk Management Framework (4+ years);
• Experience using GRC platforms (RSA Archer preferred) (4+ years);
• Experience working with Information Owners and Custodians (4+ years);
• Experience with technical writing and documentation skills (4+ years);
• Ability to work independently on complex assignments (4+ years).

• Experience with DIR Security Control Standards (3+ years);
• Experience supporting ATO and continuous monitoring (3+ years);
• Experience in state or federal government cybersecurity programs (2+ years);
• CRISC or CISA certification.

• Develop and maintain System Security Plans (SSPs), conduct Security Assessments, and facilitate Risk Assessments across assigned systems;
• Apply NIST SP 800‑53 controls and the NIST Risk Management Framework to guide security planning, compliance, and authorization activities;
• Manage and update security documentation, ensuring high‑quality technical writing and clear communication with stakeholders;
• Use GRC platforms—preferably RSA Archer—to track controls, risks, findings, and compliance evidence;
• Collaborate with Information Owners and Custodians to validate controls, gather system information, and support audit readiness;
• Support ATO processes, continuous monitoring activities, and adherence to DIR Security Control Standards;
• Contribute to cybersecurity governance efforts within state or federal programs, leveraging knowledge of information assurance and risk methodologies.