Governance, Risk, and Compliance (GRC) Specialist - Contingent jobs in United States

Aretum · 11 hours ago

Governance, Risk, and Compliance (GRC) Specialist - Contingent

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to customers across defense, civilian, and homeland security sectors. The GRC Specialist supports federal cybersecurity governance, risk management, and compliance activities by implementing and maintaining an effective risk program aligned to FISMA and the NIST Risk Management Framework.

Consulting · Information Technology
Growth Opportunities
No H1B · U.S. Citizen Only

Responsibilities

Support governance and compliance activities aligned to FISMA and agency cybersecurity requirements, including maintaining documentation and reporting support where applicable
Execute RMF-aligned risk activities across the system lifecycle, including control selection support, implementation validation, and ongoing continuous monitoring
Maintain and update authorization/compliance artifacts (as required by the environment), such as security plans and supporting evidence, ensuring documentation is accurate and audit-ready
Assist with security control assessment coordination by preparing artifacts, mapping evidence to controls, tracking assessment activities, and supporting remediation planning (assessment methods and procedures commonly follow NIST SP 800-53A)
Develop, manage, and track Plans of Action and Milestones (POA&Ms) and remediation actions; collect and validate closure evidence and support risk acceptance processes as needed
Demonstrate and apply working knowledge of network design concepts and partner with technical teams to validate secure configurations and identify weaknesses
Support vulnerability management and security testing coordination for government systems to identify and document vulnerabilities, validate severity/impact, and track mitigation to completion
Support project management activities including work planning, task tracking, stakeholder coordination, meeting facilitation, and status reporting for GRC deliverables
Contribute to policy/standard development and continuous improvement initiatives for governance and risk processes using NIST-aligned control frameworks

Qualification

Cybersecurity Governance, NIST Risk Management Framework, Security Control Assessment, Network Design Concepts, Vulnerability Management, Project Management, Technical Writing, FedRAMP Familiarity, Stakeholder Briefing, Policy Development, Continuous Improvement, Security Testing, Audit Response, Evidence Collection, Control Mapping

Required

Public Trust Eligibility Required
Minimum 5 years of experience in cybersecurity governance, risk, or compliance (GRC), preferably supporting federal or regulated environments
Demonstrated experience in project management, network design concepts, and testing the security of government systems to identify vulnerabilities
Working knowledge of the NIST RMF and how it is used to manage security and privacy risk across categorization, control selection/implementation, assessment, authorization, and continuous monitoring
Familiarity with the purpose and structure of NIST 800-53 security and privacy controls and how controls map to evidence and system security practices
Familiarity with security control assessment concepts and the use of assessment procedures (e.g., NIST 800-53A-style approaches)
Strong technical writing skills and ability to produce clear, defensible documentation for auditors and leadership
Experience supporting federal authorization packages and security assessment deliverables (e.g., SAP/SAR, evidence collection, audit response)
Familiarity with FedRAMP concepts for cloud environments (if the client environment includes cloud services)
Experience briefing technical and non-technical stakeholders and translating control requirements into practical implementation guidance

Preferred

Bachelor's degree in Information Systems, Computer Science, or a related field
GIAC Web Application Penetration Tester (GWAPT)
Certified Ethical Hacker (CEH)
GIAC Systems and Network Auditor (GSNA)
Certified Penetration Tester (CPT)
Certified Expert Penetration Tester (CEPT)
GIAC Certified Web Application Defender (GWEB)
Offensive Security Certified Professional (OSCP)
CREST Penetration Testing Certifications

Benefits

Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off
Family Leave (Maternity, Paternity)
Short Term & Long-Term Disability
Training & Development

Company

Aretum

ARETUM is a government contracting company specializing in technology-enabled mission support services for the Department of Defense.

Funding

Current Stage
Late Stage

Leadership Team

Bobby Frazitta
Vice President of People
Tiffany Bailey
Executive Vice President
Company data provided by crunchbase