Incident Management / Governance Risk Compliance (GRC) - HHS STIM

Incident Management / Governance Risk Compliance (Grc)

Job Overview

Responsibilities

• Lead and support cybersecurity incident management processes, including triage, escalation, and response.
• Administer and manage Governance, Risk, and Compliance (GRC) platforms such as Archer, ServiceNow GRC, or equivalent.
• Ensure compliance with federal standards including NIST SP 800-53 Rev. 5, FISMA, CIS Controls, and FedRAMP.
• Develop and maintain policies, procedures, and compliance documentation.
• Support enterprise risk assessments, vulnerability management, and control testing.
• Prepare audit reports and compliance dashboards for executive stakeholders.
• Collaborate with incident response, SOC, and engineering teams to align GRC processes with security operations.
• Provide mentorship and guidance to junior cybersecurity analysts.

Required Experience

• 10+ years of cybersecurity operations, compliance, and governance experience.
• Expertise in incident management, governance, risk, and compliance platforms.
• Strong knowledge of federal cybersecurity frameworks including NIST SP 800-53 Rev. 5, FISMA, and FedRAMP.
• Experience leading compliance teams and delivering audit support in federal environments.
• Proven ability to provide technical leadership and mentor junior staff.

Education & Certifications

• Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
• CISSP (Certified Information Systems Security Professional) certification required.
• CISM (Certified Information Security Manager) and/or CRISC (Certified in Risk and Information Systems Control) preferred.
• Additional certifications such as CISA or ISO 27001 Lead Implementer are highly desirable.

Clearance Requirement

• Must be eligible to obtain and maintain a Public Trust (High-Risk, Level 5) clearance.