Join our Talent Network >

Cyber GRC Analyst

Job ID: 213731
Location: NORTH CHARLESTON, SC, United States
Date Posted: Apr 16, 2021
Category: Cyber
Subcategory: Cyber GRC
Schedule: Full-time
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: Yes
Benefits: Click here

Share: mail

Job Description


SAIC is looking for a Cyber GRC Analyst in Charleston, SC. Remote work possible.

This individual will be responsible for supporting vendor and assigned ISSM efforts to develop DHA RMF packages and providing relevant cybersecurity expertise. They will
develop systems RMF supporting documentation in accordance with DHA/DON/DoD policies and procedures ensuring that Assessment & Authorization (A&A) packages are complete and systems compliance is met for the Authorizing Official (AO)
Responsibilities include:

Support and coordinate workflow, activity, and documentation necessary to achieve successful RMF Assessment & Authorization (A&A) efforts for various DoD environments. This includes:

  • Coordination among myriad stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs (and representatives), program managers, vendors, etc., necessary to properly identify, document, mitigate, and manage risk attributed to the target system, network, and/or application;


  • Identify, develop (either directly, or in coordination with applicable experts), and incorporate common artifacts found in a RMF A&A package, e.g., system architecture and authorization boundaries, hardware and software inventories, risk assessment reports, POA&Ms, data flows, PPSM accounting, and other necessary system documentation,

Create DHA e-MASS artifacts and records for designated systems to ensure compliance with the latest directives. Documentation consists of Authorization Boundary diagrams, process flow diagrams, Detailed Architecture diagrams, Detailed Hardware/Software/Firmware Inventory Lists, Ports, Protocols, and Services Management (PPSM) Registration Record Lists, and varied plans, policies, and implementing documents.


Evaluate and provide input to systems security controls in eMASS, using Control Correlation Identifiers (CCIs) from the Assessment Procedure (AP) List, and submitting test results to verify compliance. Validated thousands of security controls and their associated APs. Also, initiating confirming, and mitigating Plans of Action & Milestones (POA&Ms) for identified security control deficiencies.


Conduct RMF Annual Security Reviews to validate systems security design, configuration, and operational environment continue to protect DHA/DON/DoD information against new risks and vulnerabilities that may affect the overall security posture.


Identify, develop (either directly, or in coordination with applicable experts), and incorporate common artifacts found in a RMF accreditation package, e.g., system architecture and boundaries, hardware and software inventories, risk assessment reports, POA&Ms, data flows, PPSM accounting, and other necessary system, network, and application documentation.

Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD IA security controls (technical, management, operational), Service regulations, etc., within the RMF package;

• Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus) necessary to identify and document compliance;

• Knowledge of and ability to use applicable compliance reporting tools (e.g., eMASS, CMRS, COAMS, Tanium, Phoenix) to document the progress to A&A.



• BS and 3+ years or HS and 7+ years.
• 3+ years of RMF experience
• Capable of providing thought leadership to the ISSM in his/her efforts to maintain an organizational or system-level cybersecurity program, consistent with DoD appointment memorandum focal points (e.g., cybersecurity architecture, compliance requirements, objectives and policies, personnel, and processes and procedures).
• Experience with Amazon Web Services is desired.
• Ability to identify, interpret and evaluate major applications, infrastructure, enclaves, and Enterprise system environments based on proposed accreditation boundaries.
• Ability to manage multiple projects simultaneously.
• Strong verbal and written communications and interpersonal skills.
• Active Secret Clearance
• Minimum of an IAT level II certification. IAT/IAM level III certification is preferred









Target salary range: $85,001 - $95,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.


SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.

Share: mail