Governance, Risk, and Compliance Junior (HYBRID) with Security Clearance

Crest Security Assurance

2024-09-20 12:51:41

Job location Washington, District of Columbia, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Overview: The Governance, Risk, and Compliance Junior will help perform vendor risk management activities that include vendor security and privacy assessments, inventory maintenance, and support for long-term planning and automation efforts.

Responsibilities:
The candidate shall provide support that includes, but is not limited to, the following tasks:
• Perform vendor risk management security and privacy assessments in alignment with NIST standards.
• Assist with various third-party risk activities, such as developing vendor risk policies, ensuring adherence with Federal mandates and directives, managing inventories, and supporting FedRAMP/cloud compliance processes.
• Perform security and privacy evaluations of potential vendors.
• Provide vendor risk management policy support, to include:
  o Writing and updating third-party risk policies and procedures.
  o Assisting with efforts related to ensuring that vendors comply with Executive Order 14028: Improving the Nation's Cybersecurity, as well as other relevant federal regulations and mandates.
• Provide vendor risk management process support, to include:
  o Facilitating end-to-end processes associated with compliance of vendor products.
  o Supporting long-term planning and program enhancement activities, to include process automation and vendor tiering.
• Provide vendor risk management inventory support, to include:
  o Maintaining the vendor risk inventory.
  o Making recommendations for, and implementing, changes that improve the processes associated with the vendor risk inventory.

Requirements:
At least 2 years of relevant experience detailed below:
• Understanding of relevant laws and regulations, such as NIST guidance and OMB memoranda. This includes knowledge of the NIST Risk Management Framework and familiarity with key publications like NIST SP 800-37, 800-53 Revision 5, and .
• A broad understanding of third-party risk management, contract management, and procurement processes.
• Experience conducting security and privacy assessments in alignment with NIST standards such as NIST 800-53 Rev. 5.
• Experience assessing and evaluating cloud products; experience with FedRAMP compliance activities is highly desired.
• Experience creating and maintaining third-party risk policies and procedures.
• Experience developing and implementing compliance programs, conducting risk assessments, and advising on compliance-related issues.
• Experience assessing and mitigating risks associated with cybersecurity and data privacy, including the management of POA&Ms.
• Experience using governance, risk, and compliance tools, including using them to collect and report on security and privacy metrics.
• Experience communicating complex regulatory and compliance information in a clear and concise manner.
