IT Governance, Risk Management and Compliance Analyst_Federal Project

Information Technology | Hampton, VA | Full Time

Job Description

Job Title            : IT Governance, Risk Management and Compliance Analyst_Federal Project

Job Location     : Norfolk/Hampton, VA

Job Description:

    • Continuous monitoring of IT general controls.
    • Continuously improve the security framework, methodology, standards, and system of internal controls.
    • Govern and report on findings, track status, and ensure corrective actions are complete and sustainable.
    • Create and maintain documentation for technical processes and compliance procedures.
    • Support development, implementation, and maintenance of strong security risk and compliance processes for new and existing deployments.
    • Support risk identification and assessment, response and mitigation, control monitoring, and reporting.
    • Create and maintain incident response, business continuity, and disaster recovery plans for cross-functional teams and deployed or developing systems.
    • Obtain and review evidence, ensuring incident response audit conclusions are well documented.
    • Track and provide guidance on lessons learned and institutional risk mitigations from incident response.
    • Develop narratives and required documentation for IT controls, acquisitions, and process or system changes.

  • Structured Functions:

    • Provide supply chain management guidance for procurement risk.
    • Provide cross-discipline consulting and management support for IT security controls development and testing guidance.
    • Assist in the completion of complex IT audits and special projects for IT areas including:
      • General IT controls (systems development, change management, computer operations, application controls)
      • Data and database management
      • Network security
      • Cloud environment and Solution as a Service security
      • Industrial control and operational technology security
      • Emerging technologies
      • Risk management, project management, governance, and compliance
    • Perform risk and controls analysis of agency IT systems and functions.
    • Develop and implement IT audit programs, testing procedures, and processes relevant to risk/compliance and test objectives across agency departments and IT functional groups.
    • Develop, plan, and perform internal audits of IT processes and information systems from a functional and technical perspective.
    • Provide quantitative and qualitative risk assessments and audit walkthroughs.
    • Assist in the development, review, and improvement of IT policies and procedures.
    • Assist in the development and completion of IT security risk assessments.
    • Develop risk and audit processes and programs in collaboration with agency risk management and audit personnel.

  • Incident Response:

    • Complete or participate in operational, compliance, and IT security investigations.
    • Serve as assistant incident coordinator as needed across investigative teams and management.
    • Ensure incident recap and lessons-learned knowledge is socialized and disseminated to stakeholders.
    • Ensure quantitative analysis of impact is assessed during incident response.
    • Ensure lessons learned and institutional knowledge are factored into future management and strategic planning.


Functional Abilities, Knowledge, and Skills:

    • Be a champion for security culture and excellence, exercise risk-based judgment, and prioritize remediation work.
    • Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.
    • Ability to self-manage with limited oversight.
    • Excellent written and oral communication skills.
    • Excellent interpersonal skills.
    • Excellent judgment and problem-solving skills.
    • Must have experience working with security and governance frameworks (e.g., COBIT, NIST, FAIR).
    • SME-level knowledge of IT regulatory bodies and compliance regulations.

  • Technical Abilities, Knowledge, and Skills:

    • Proficiency with GRC systems.
    • Proficiency with Microsoft Project and Microsoft Office products.


Bachelor’s degree in Computer Science, Cybersecurity, Information Assurance, Risk Management, or related field.

Required Experience:

    • One (1) to two (2) years working in an IT operational capacity.
    • Minimum of one (1) to three (3) years in IT audit, risk management, and governance required.

Preferred Experience:

    • Three (3) to five (5) years working in an IT operational capacity.
    • Cross-domain IT experience.
    • CISA and other IT audit and risk management certifications preferred.