Junior GRC Analyst

The Junior Governance, Risk and Compliance Analyst is responsible for assessing business policies, procedures, and operations to ensure the organization meets organizational requirements and government regulations for the protection of sensitive information. Governance, Risk and Compliance Analysts manage the legal and operational risks related to sensitive and critical information assets, continuously assess business unit operations, and develop policies, procedures and user training necessary to meet or exceed internal and external requirements.

Responsibilities:
• Conducting information technology risk assessments for systems, software, or configurations System Architecture design (compute, hardware/virtual, OS, storage, networking, security)
• Requests for modification to critical information systems and directs implementation of configuration changes
• Cybersecurity documentation such as plans for system security, incident response, contingency, and disaster recovery, analyses such as privacy impact, business impact, and security impact, policies, standards, guides, procedures etc. for completeness, currency, and accuracy, updating as necessary
• Validation of security control configuration on systems, ensure all systems are configured to necessary controls, such as NIST, DFARS, CMMC, and other similar requirements
• Creation of cybersecurity training content for use by GTRI personnel such as security awareness or CUI training
• Creation of departmental website content (articles, processes, procedures, etc.), including contacts, organizational charts, and team member details
• Supporting the GRC team service desk by resolving all assigned tickets
• Supporting senior analysts in gathering data for audits, policy reviews, and compliance analyses
• Contributing to the preparation of regulatory and compliance reports, collaborating with other units to ensure data correctness and compliance

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• Associate’s degree in cybersecurity, information security, information assurance or related field
• Ability to obtain a secret security clearance
• Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, Linux, and Networking technologies
• Previous experience with vulnerability scanning, reporting, and management processes or tools
• Understanding of threats, vulnerabilities, and exploitation vectors for vulnerabilities being reported.
• Experience with Excel data manipulation and analysis including pivot tables, light macros, intermediate formulas.
• Ability to judge the priority of a vulnerability based on risk and impact
• Excellent written and verbal communication skills
• One or more basic cybersecurity certifications such as: Security+, CEH, CND, CySA+, CCNA-Security or equivalent

• Active secret clearance
• Bachelor’s degree in cybersecurity, information security, information assurance or related field
• Understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, RMF, MITRE, ATT&CK Framework, and OWASP top 10
• Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.
• Knowledge of common infrastructure vulnerability categorizations such as CVE, CVSS, and/or CWE
• Proficiency with the Atlassian Confluence content documentation platform
• Proficiency with the Atlassian Jira ticketing system
• One or more advanced cybersecurity certifications such as: CISSP, CISM, CISA, CASP, GEVA, CCNP-Security or equivalent

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.