Cyber Security Analyst IV (Governance, Risk and Compliance)

Position Overview
The Cyber Security Analyst IV serves as a senior subject matter expert and program lead for the Governance, Risk, and Compliance (GRC) function supporting federal information systems. This position is responsible for defining RMF strategies, managing risk posture across multiple authorization boundaries and integrating privacy and cloud compliance into enterprise governance frameworks. The analyst provides executive-level insights on compliance performance and authorization readiness.

Major Activities (Typical Duties/Responsibilities)

• Oversee enterprise GRC and RMF programs, ensuring consistency across multiple system authorizations and enclaves.
• Direct the risk management process, ensuring risk identification, quantification and treatment strategies align with federal and agency guidance.
• Lead assurance activities, validating that control implementations meet the intent of NIST 800-53 Rev.5 requirements.
• Govern SSP and POA&M quality, establishing standards, templates and review checkpoints across systems.
• Oversee cloud service provider assessments, ensuring proper inheritance of FedRAMP controls and shared responsibilities.
• Provide leadership for privacy and data governance, ensuring integration of PIA activities into RMF documentation.
• Develop and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure compliance and risk health.
• Drive adoption of GRC automation, Continuous Controls Monitoring (CCM) and compliance analytics.
• Serve as primary point of contact during audits, IG reviews and authorization package evaluations.
• Mentor analysts and guide cross-functional teams on risk-informed decision-making and RMF optimization.
• Perform other duties as appropriate and as assigned. 

Knowledge/Skills/Abilities

• In-depth expertise with NIST 800-37, NIST 800-53 Rev.5, and FISMA implementation.
• Proven success managing enterprise risk, assurance, and audit readiness programs.
• Knowledge of quantitative risk models (e.g., FAIR, ISO 31000) and risk dashboards.
• Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others.
• Work independently, as well as on a team and with minimal supervision.
• Make decisions, solve problems, and exercise excellent judgment and analytical skills.
• Work well under pressure and independently prioritize workload, while working on multiple projects.
• Ability to research, organize and analyze technical information with particular attention to accuracy and details.
• Excellent written and verbal communication skills; including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills.
• Proficient using Microsoft Office products, such as Word, Excel and PowerPoint, and industry-standard computer software and databases.
• High degree of sensitivity regarding confidential information.

Physical Abilities

• Sufficient fine motor skills for the use of computers, calculators with an ability to withstand repetitive keyboarding for extended periods of time.
• Visual and communications ability adequate to perform the essential functions of the job.
• Ability to kneel, bend and twist at the waist on an occasional basis.
• Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion.
• Ability to push, pull, carry, and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis.
• Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle.

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Information Assurance, or a related technical discipline and at least eight (8) years of progressive experience in cybersecurity, including experience leading RMF and FISMA compliance in a federal or contractor environment, or an equivalent combination of education, experience and training.
• Ability to pass a background and drug screening.
• Must have identification compliant with the Real ID Act at time of hire.
• Must be able to obtain Department of Energy access badge. 
• Must be able to obtain and maintain a U.S. government security clearance. 

Preferred Qualifications

• Experience with enterprise GRC solutions (e.g., RegScale, ServiceNow GRC, Archer, eMASS, or similar).
• Expertise in FedRAMP, supply chain risk and vendor assurance.
• Demonstrated leadership in cross-domain governance (cyber, privacy and mission systems).
• Experience with privacy program implementation and integration.
• Relevant certifications such as CISSP, CISM, CRISC, CAP/CGRC, CIPP/US or similar.
  

Pay Range: $110,275.00-$198,468.00/ yearly

Benefits: OSC Technical Solutions offers excellent benefits for eligible employees. Benefits include paid holidays, paid time off, 401k with employer match, dental, vision, health insurance plans through the Federal Employee Health Benefits (FEHB) program, as well as life and disability benefits. 

OSC Technical Solutions does not discriminate, and the company provides equal employment opportunity for all employees and applicants without regard to race, religion, color, sex, gender, sexual orientation, national origin, citizenship status, age, marital status, pregnancy or parenthood, handicap or disability, genetics, veteran status or any other legally protected characteristic. OSC Technical Solutions adheres to all federal, state and local laws regarding equal employment opportunity and will not discriminate against you in violation of these laws. OSC Technical Solutions reserves the right to apply CIRI Shareholder preference to qualified Shareholders in employment and advancement opportunities.  

OSC Technical Solutions participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. 

Reasonable Accommodation:

OSC Technical Solutions will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with OSC Global, LLC or any of its subsidiaries, please email recruiting@ciri.com.