
Governance, Risk, and Compliance; GRC Specialist - Contingent

Job in Washington, District of Columbia, 20022, USA
Listing for: Aretum
Full Time position
Listed on 2026-01-15
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Salary/Wage Range or Industry Benchmark: 125,000 - 150,000 USD yearly
Governance, Risk, and Compliance (GRC) Specialist - Contingent

This is a contingent position, meaning employment is dependent upon the successful award of the associated contract to Aretum and completion of any required background investigation or security clearance verification.

About Aretum

Aretum is a mission‑driven organization committed to delivering innovative, technology‑enabled solutions to our customers across defense, civilian, and homeland security sectors. Our work spans strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and have created a culture where collaboration, inclusion, and professional growth are at the forefront.

Job Summary

The GRC Specialist supports federal cybersecurity governance, risk management, and compliance activities by helping the organization implement and maintain an effective risk program aligned to FISMA and the NIST Risk Management Framework (RMF). The role focuses on security control implementation oversight, compliance documentation, audit readiness, and continuous monitoring, working closely with system owners, engineering teams, and assessment staff to track remediation and improve security posture.

Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.

Responsibilities
  • Support governance and compliance activities aligned to FISMA and agency cybersecurity requirements, including maintaining documentation and reporting where applicable.
  • Execute RMF‑aligned risk activities across the system lifecycle, including control selection support, implementation validation, and ongoing continuous monitoring.
  • Maintain and update authorization/compliance artifacts (as required by the environment), such as security plans and supporting evidence, ensuring documentation is accurate and audit‑ready.
  • Assist with security control assessment coordination by preparing artifacts, mapping evidence to controls, tracking assessment activities and supporting remediation planning (Assessment methods and procedures are commonly aligned to NIST 800‑53A practices).
  • Develop, manage, and track POA&Ms and remediation actions; collect and validate closure evidence and support risk acceptance processes as needed.
  • Demonstrate and apply working knowledge of network design concepts and partner with technical teams to validate secure configurations and identify weaknesses.
  • Support vulnerability management and security assessment coordination for government systems to identify and document vulnerabilities, validate severity/impact, and track mitigation to completion.
  • Support project management activities, including work planning, task tracking, stakeholder coordination, meeting facilitation, and status reporting for GRC deliverables.
  • Contribute to policy/standard development and continuous improvement initiatives for governance and risk processes using NIST‑aligned control frameworks.

Requirements
  • Minimum 5 years of experience in cybersecurity governance, risk, or compliance (GRC), preferably supporting federal or regulated environments.
  • Demonstrated experience in project management, network design concepts, and testing the security of government systems to identify vulnerabilities.
  • Working knowledge of the NIST RMF and how it is used to manage security and privacy risk across categorization, control selection/implementation, assessment, authorization, and continuous monitoring.
  • Familiarity with the purpose and structure of NIST 800‑53 security and privacy controls and how controls map to evidence and system security practices.
  • Familiarity with security control assessment concepts and the use of assessment procedures (e.g., NIST 800‑53A‑style approaches).
  • Strong technical writing skills and ability to produce clear, defensible documentation for auditors and leadership.
  • Experience supporting federal authorization packages and security assessment deliverables (e.g., SAP/SAR, evidence collection, audit response).
  • Familiarity with FedRAMP concepts for cloud environments (if the client…