Governance Risk and Compliance; GRC Analyst
Listed on 2026-02-07
IT/Tech
Cybersecurity, IT Consultant
C2 Labs partners with clients on their IT transformation journey via data-driven IT strategic planning, application rationalization and redevelopment, and innovative research and development of new industry standards and technologies. C2 Labs provides specialized products and services that allow our clients to innovate with speed and scale seamlessly while maintaining a robust and effective security posture. C2 has a unique approach to client success enablement that is empowered by ART (Application Rationalization and Transformation) and SCIENCE (Strategic Client Interview and Engineering to assess, design, and implement Cloud Ecosystems) to couple creative new approaches/technologies with proven methodologies that deliver rapid results.
Must live in the Knoxville, Tennessee metro area, must be a US citizen, and must be capable of passing a Public Trust background investigation. This is a two-year contract.
Job Summary:
As a Governance Risk and Compliance (GRC) Analyst 1 at C2 Labs you will work with a team of security analysts and engineers to implement regulatory frameworks such as the Federal Information Security Modernization Act (FISMA), the Federal Risk Authorization Management Program (FedRAMP) and the State Risk Authorization Management Program (StateRAMP). You will leverage GRC tools to develop security authorization package documentation such as the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and the Plan of Actions & Milestones (POA&M) in human-readable and machine-readable formats. You will draft security control implementation statements with enough detail to facilitate the testing of the controls and will develop supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP). As a GRC Analyst 1 your primary responsibility will be to ensure the timely development of the security authorization package in accordance with C2 Labs quality standards.
Job Responsibilities:
● Categorize systems in accordance with Federal Information Processing Standards (FIPS) 199 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60.
● Select and tailor security controls by applying scoping guidance in accordance with NIST SP 800-53 and FedRAMP-specific guidance.
● Document the implementation characteristics for security controls with enough detail to permit the testing of the security control by an independent assessor/Third Party Assessment Organization (3PAO).
● Develop, review, and update security authorization package documentation to include the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M).
● Develop, review, and update supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP).
● Conduct Security Impact Assessments (SIAs) on changes to information systems.
● Create the Control Implementation Summary (CIS)/Customer Responsibility Matrix (CRM) workbook outlining Cloud Service Provider (CSP) and customer responsibilities.
● Develop, review, and update policies and procedures to support the implementation of the NIST 800-53 control families.
● Leverage the next generation of Governance Risk and Compliance (GRC) tools to automate the creation of the SSP.
● Review current security assessment and authorization processes and provide recommendations for improvement.
● Develop Risk Assessment Reports (RAR).
● Provide guidance on NIST 800-53, FedRAMP, and StateRAMP control requirements.
● Develop and deliver training to educate stakeholders on the various tasks and activities associated with the RMF.
Qualifications:
● Minimum 1-3 years’ experience in IT consulting specializing in Governance, Risk, and Compliance using the RMF.
● CISSP, CISM, or CAP certification is preferred but not required.
● Excellent communication and interpersonal skills, with the ability to build rapport and trust with clients.
● Knowledge of the cybersecurity industry to include regulatory frameworks such as the National Institute…