Company: SAIC
Location: Washington, DC
Career Level: Associate
Industries: Technology, Software, IT, Electronics

Description

SAIC is seeking a Cyber Governance, Risk, and Compliance (GRC) Analyst associate to support a U.S. government agency in Washington, DC. This hybrid role requires three days onsite per week and offers a strong foundation for candidates beginning their career in cybersecurity compliance, risk analysis, and IT governance.

 

The Cyber GRC Associate will work alongside senior cybersecurity professionals and Information System Security & Privacy Officers (ISSPOs) to support the implementation of the NIST Risk Management Framework (RMF), FISMA compliance, and other federal security policies. The role involves assisting with documentation, security assessments, continuous monitoring, and risk tracking across cloud and on-premise systems.

 

Core Responsibilities & Qualifications:

 

·       Assist in preparing and maintaining key security artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and POA&Ms.

·       Support development of security control implementation statements based on NIST SP 800-53.

·       Help document system boundaries, network diagrams, and technical narratives following changes or assessments.

·       Familiarity with FISMA, RMF, and federal cybersecurity compliance frameworks.

·       Participate in risk assessments for IT systems and applications, identifying control gaps and recommending mitigation strategies.

·       Assist with Security Impact Analyses (SIAs) related to configuration or operational changes.

·       Contribute to analysis and tracking of control deficiencies, exceptions, and waiver requests.

·       Help validate ongoing security control effectiveness by collecting and reviewing evidence as part of Continuous Monitoring activities.

·       Support audit readiness efforts, third-party assessments or internal reviews.

·       Exposure to GRC tools (e.g., CSAM, eMASS, Archer) or audit documentation tracking systems is a plus.

·       Coordinate with infrastructure, cloud, and application teams to support secure configurations and remediation tracking.

·       Assist in documenting and analyzing security incidents, including initial impact assessment and recommended response actions.

·       Strong written and verbal communication skills, with the ability to interpret and document technical information clearly.

Qualifications

Education & Experience:

 

·       Bachelor's degree in Cybersecurity, Information Systems, or related field.

·       0–2 years of experience in cybersecurity, compliance, or IT governance (internships or academic project work acceptable).

·       Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint).

·       Strong attention to detail, analytical skills, and ability to learn in a fast-paced environment.

 

Preferred Qualifications:

·       Entry-level certification (e.g., Security+, ITIL Foundation, CAP).

·       Familiarity with FedRAMP, cloud compliance, or privacy requirements.

·       Awareness of frameworks such as OWASP Top 10 or MITRE ATT&CK.

·       Prior exposure to configuration/change management or documentation control processes.

 

Clearance Requirement:

Must be eligible to obtain and maintain a U.S. Public Trust clearance.

 

This is a hybrid position requiring three on-site days per week in Washington, DC.


Target salary range: $40,001 - $80,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

