Information Security GRC Analyst 3
Role details
Job location
Tech stack
Job description
- Support governance, risk, and compliance activities across unclassified A&D programs.
- Translate framework requirements (CNSSI 1253, NIST 800171/172, ISO 27001:2022) into actionable technical and procedural controls.
- Assist with developing, maintaining, and improving System Security Plans (SSPs), POA&Ms, risk registers, and related artifacts.
- Participate in system categorization, control inheritance, and continuous monitoring activities for information systems and enclaves.
- Conduct risk assessments, document findings, and work with engineering and operations teams to define mitigation strategies.
- Support internal and external audits, customer assessments, and inspection readiness activities.
- Contribute to policy and procedure development and ensure alignment to regulatory, contractual, and corporate requirements.
- Monitor changes in U.S. government cybersecurity policy, DoD directives, and commercial standards; assess impact to internal environments.
- Assist with incident response processes from a compliance and documentation perspective.
- Provide GRC guidance to project teams and stakeholders while maintaining a strong customerservice orientation.
Requirements
This midcareer position is ideal for an analytical, detailoriented professional with a solid grounding in risk management, cybersecurity controls, and compliance operations who is ready to take ownership of significant program responsibilities., Minimum of 4 years of related work experience, * Bachelor's degree in a STEM (Science, Technology, Engineering, Mathematics) field from an accredited college or university
- Four years of directly related exempt work experience may be used to satisfy the bachelor's degree requirement
- Working knowledge of at least two of the following frameworks: CNSSI 1253, NIST SP 80053, NIST SP 800171/172, ISO/IEC 27001:2022
- Experience supporting compliance in regulated or defensealigned environments (DoD, IC, A&D contractors, or similar)
- Strong analytical, documentation, and communication skills
Preferred Qualifications
- Experience with Risk Management Framework (RMF) authorization packages or audits
- Understanding of Zero Trust principles and enhanced cybersecurity requirements under 800172
- Professional certifications such as Security+, CySA+, CISM, CISSP, CCP, or CCA preferred
- Experience working with crossfunctional engineering, IT, and programming teams in highsecurity environments
- Prior experience with DFARS/CMMC compliance preferred
Benefits & conditions
We offer our employees competitive pay and benefits including:
- 401(k) match plus an additional employer contribution
- Discretionary annual incentive bonus for eligible employees
- Generous paid time off
- Flexible work environments
Additionally, most salaried ULA team members work a "9/80 schedule," meaning they enjoy every other Friday off.
Benefits and work schedules may vary for union-represented hourly positions and are described in the applicable collective bargaining agreement.