IT Governance, Risk Management and Compliance Analyst_Federal Pr
Information Technology | Hampton, VA | Full Time
Job Title : IT Governance, Risk Management and Compliance Analyst_Federal Project
Job Location : Norfolk/Hampton, VA
- Continuous monitoring of IT General Controls.
- Continuously improve the security framework, methodology, standards, and system of internal controls.
- Govern and report on findings, track status, and ensure corrective actions are complete and sustainable.
- Create and maintain documentation for technical processes and compliance procedures.
- Support development, implementation, and maintenance of strong security risk & compliance processes for new and existing deployments.
- Support risk identification & assessment, response & mitigation, control monitoring and reporting.
- Create and maintain incident response, business continuity, and disaster recovery plans for cross-functional teams and deployed or developing systems.
- Obtain and review evidence ensuring incident response audit conclusions are well-documented.
- Track and provide guidance on lessons learned and institutional risk mitigations from incident response.
- Develop narratives and required documentation for IT controls, acquisitions, and process or system changes.
- Provide supply chain management guidance for procurement risk.
- Provide cross-discipline consulting and management support for IT Security controls development and testing guidance.
- Assist in the completion of complex IT audits, and special projects for IT areas including:
  - General IT Controls (systems development, change management, computer operations, application controls)
  - Data and Database Management
  - Network Security
  - Cloud Environment and Solution as a Service Security
  - Industrial Control and Operational Technology Security
  - Emerging technologies
  - Risk management, project management, governance, and compliance
- Perform Risk and Controls Analysis of agency IT systems and functions.
- Develop and implement IT audit programs and testing procedures and processes relevant to risk/compliance and test objectives across Agency Departments and IT functional groups.
- Develop, plan, and perform internal audits of IT processes and information systems from a functional and technical perspective.
- Provide quantitative and qualitative risk assessment and audit walk throughs.
- Assist in development, review, and improvement of IT policies and procedures.
- Assist in the development and completion of IT security risk assessments.
- Develop risk and audit processes and programs in collaboration with agency risk management, and audit personnel.
- Complete or participate in operational, compliance, and IT Security investigations.
- Assist as assistant incident coordinator as needed across investigative teams and management.
- Ensure incident recap and lessons-learned knowledge is socialized and disseminated to stakeholders.
- Ensure quantitative analysis of impact is assessed during incident response.
- Ensure lessons-learned and institutional knowledge are factored into future management and strategic planning.
Functional Abilities Knowledge and Skills:
Be a champion for security culture and excellence, exercise risk-based judgement and prioritize remediation work.
- Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.
- Ability to self-manage with limited oversight.
- Excellent written and oral communication skills.
- Excellent interpersonal skills.
- Excellent judgment and problem-solving skills.
- Must have experience working with security and governance frameworks (i.e. COBIT, NIST, FAIR).
- SME-level knowledge of regulatory bodies and compliance regulations of IT.
Technical Abilities, Knowledge, and Skills:
- Proficiency with GRC systems
- Proficiency with Microsoft Project, Microsoft Office products
Bachelor’s degree in Computer Science, Cybersecurity, Information Assurance, Risk Management, or related field.
- One (1) to two (2) years working in an IT operational capacity.
- Minimum of one (1) to three (3) years in IT Audit, Risk Management, and Governance required.
- Three (3) to five (5) years working in an IT operational capacity.
- Cross-domain IT experience.
- CISA, and other IT Audit and Risk Management certifications preferred.