[Hiring] Senior GRC Analyst @Summit 7 Systems

Role Description

We are seeking a detail-oriented GRC Analyst to join our compliance and risk management team supporting critical defense industrial base (DIB) requirements. This role is essential to our expanding compliance program portfolio, including CMMC Level 2/3, NIST 800-171 R2/R3, ISO 27001:2022, GDPR, and SOC 2 Type II certifications.

As a GRC Analyst, you will be responsible for the operational execution of our compliance programs, ensuring continuous monitoring, evidence management, and risk remediation tracking across multiple frameworks. You will work closely with the VP Cybersecurity Compliance and cross-functional teams to maintain audit readiness and support the implementation of new compliance programs.

This position is ideal for a compliance professional who thrives in operational roles, values process discipline, and wants to contribute to protecting national security through robust cybersecurity governance.

Responsibilities

• Continuous Compliance Operations (55%)
  • Evidence Management:
    • Collect, organize, and maintain compliance evidence on weekly, monthly, quarterly, and semi-annual schedules across all active frameworks.
  • ServiceNow GRC Administration:
    • Update and maintain GRC modules including control implementations, risk registers, POA&Ms, and compliance artifacts.
  • Risk & POA&M Management:
    • Distribute notifications to risk and POA&M owners, track remediation activities, escalate overdue items, and maintain accurate status reporting.
  • Supplier Risk Management:
    • Coordinate supplier risk assessments including onboarding, offboarding, and annual reviews; maintain vendor risk documentation.
  • Cross-Framework Reconciliation:
    • Map and reconcile evidence requirements across multiple standards as new versions are released.
• Program Implementation Support (30%)
  • New Program Standup:
    • Assist with implementation of new compliance frameworks including document gathering, gap analysis support, and stakeholder coordination.
  • Control Implementation Tracking:
    • Monitor and document control implementation progress, identify blockers, and support remediation efforts.
  • Assessment Preparation:
    • Prepare evidence packages and coordinate with assessors for C3PAO, ISO certification, and other third-party audits.
  • Documentation Development:
    • Support development and maintenance of System Security Plans (SSPs), policies, procedures, and compliance documentation.
• Collaboration & Continuous Improvement (15%)
  • Cross-Functional Coordination:
    • Work with IT, Engineering, HR, Legal, and other departments to gather evidence and implement controls.
  • Process Improvement:
    • Identify opportunities to streamline evidence collection and automate compliance workflows.
  • Training Support:
    • Participate in compliance training initiatives and security awareness programs.
  • Audit Support:
    • Serve as primary liaison for evidence requests during audits and assessments.

Qualifications

• Bachelor's degree in Information Security, Computer Science, Risk Management, or related field; or equivalent practical experience.
• 2-4 years of experience in GRC, compliance, information security, or IT audit roles.
• Demonstrated practitioner experience with at least one major compliance framework (NIST 800-171, ISO 27001, SOC 2, CMMC, or similar).

Requirements

• Working knowledge of NIST 800-171 R2/R3, CMMC Levels 1-3, and/or ISO 27001:2022 requirements.
• Experience with GRC platforms (ServiceNow GRC, Future Feed, or similar).
• Proficiency with Microsoft Office 365 and collaboration tools.
• Understanding of information security concepts, controls, and risk management principles.

Preferred Qualifications

• One or more of the following certifications:
  • Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA).
  • Certified Information Systems Security Professional (CISSP).
  • Certified Information Security Manager (CISM).
  • ISO 27001 Lead Implementer or Lead Auditor.
  • CRISC (Certified in Risk and Information Systems Control).
• Experience working in defense industrial base (DIB) organizations or cleared environments.
• Hands-on implementation or assessment familiarity with NIST 800-171 r2/r3, NIST 800-53, NIST 800-172, or FedRAMP requirements.
• Background in IT operations, systems administration, or cybersecurity engineering.

Benefits

• Excellent health/dental benefits from BCBS.
• See into the future with our luxurious VSP vision benefits.
• Prepare for the long-haul courtesy of our 401k with company matching.
• Unlimited mobile phone plan.
• 10 days' vacation, 7 days sick time.
• Bonuses and salary increase potential via our certifications plan.