We are looking for a detail-oriented GRC Analyst to join our team in Woodbridge, New Jersey. In this role, you will support audit processes, oversee cybersecurity training initiatives, and ensure compliance with industry regulations and standards. This position offers a unique opportunity to collaborate across departments and contribute to maintaining the organization's security and risk management framework.<br><br>Responsibilities:<br>• Collect and organize evidence to support annual audits conducted internally and externally.<br>• Manage and monitor a centralized repository for audit-related documentation to ensure accessibility and accuracy.<br>• Respond promptly to audit requests, ensuring that all submissions meet required standards.<br>• Develop and deliver training programs on cybersecurity awareness, including onboarding sessions, periodic newsletters, and phishing simulations.<br>• Administer the organization's cybersecurity compliance training program to reinforce best practices.<br>• Conduct risk assessments using established frameworks to identify control strengths, weaknesses, and areas for improvement.<br>• Utilize the organization's platform to track and resolve security exceptions, violations, incidents, and other risk-related issues.<br>• Maintain updated documentation of procedures to enhance team knowledge and industry expertise.<br>• Assist in reviewing and updating security policies, standards, and practices annually to align with current operational needs.<br>• Collaborate with various business units to address new and existing regulatory requirements.
<p>Robert Half is searching for a <strong>GRC Security Analyst</strong> to join an online brokerage company based in Bellevue, WA. This GRC Security Analyst will be responsible for managing exception policies, conducting risk assessments, and ensuring compliance with cybersecurity standards. This position is a 6-month contract opportunity with the potential to extend and is 100% remote. Apply today!</p><p><br></p><p>Details:</p><p>Schedule: Monday - Friday Core Hours (Flexible)</p><p>Duration: 6-month contract with the potential to extend</p><p>Location: Remote - Anywhere in the U.S.</p><ul><li>Preferred if candidates are located in WA, NY, CA and D.C. (1 day onsite)</li></ul><p>Responsibilities:</p><ul><li>Oversee the policy exception lifecycle, including intake, triage, risk evaluation, approvals, and ongoing monitoring.</li><li>Ensure submitted requests are accurate, complete, and contain high-quality data for effective processing.</li><li>Apply thorough knowledge of security risk ratings in accordance with organizational guidelines and business needs.</li><li>Collaborate with the Program Lead to track operational metrics and prepare detailed reports.</li><li>Conduct control testing focused on cybersecurity risks, documenting procedures, results, and remediation actions.</li><li>Work closely with control owners to validate the design and operational effectiveness of controls.</li><li>Maintain and update organizational documentation, procedures, and control language to reflect current standards.</li><li>Support routine operational tasks, housekeeping, and initiatives aimed at process improvement.</li><li>Explore automation solutions for exception management and control testing workflows.</li><li>Utilize tools such as LogicGate, ServiceNow, and JIRA to streamline operational processes.</li></ul>
<p>We are seeking a detail-oriented and experienced <strong>Security Analyst</strong> with a strong background in <strong>Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance</strong>. The ideal candidate will play a critical role in ensuring our organization meets and maintains CMMC Level 2 requirements, supporting both internal security initiatives and external client obligations.</p><p><br></p><p><strong>Key Responsibilities:</strong></p><ul><li>Conduct assessments and gap analyses against <strong>CMMC Level 2</strong> requirements.</li><li>Develop and maintain <strong>System Security Plans (SSPs)</strong>, <strong>Plans of Action and Milestones (POA&amp;Ms)</strong>, and other compliance documentation.</li><li>Collaborate with IT, legal, and operations teams to implement and monitor security controls aligned with <strong>NIST SP 800-171</strong>.</li><li>Support internal and external audits, including readiness assessments for CMMC certification.</li><li>Monitor and respond to security incidents, ensuring proper documentation and remediation.</li><li>Stay current with evolving CMMC regulations, DoD requirements, and cybersecurity best practices.</li><li>Provide training and awareness programs to ensure organizational understanding of CMMC compliance.</li><li>Assist in the development and enforcement of security policies and procedures.</li></ul><p><br></p><p><strong>Qualifications:</strong></p><ul><li>Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).</li><li>3+ years of experience in cybersecurity or compliance roles.</li><li>Proven experience with <strong>CMMC Level 2</strong> frameworks and <strong>NIST SP 800-171</strong>.</li><li>Familiarity with risk management frameworks (RMF), FISMA, and other federal compliance standards.</li><li>Strong analytical, problem-solving, and communication skills.</li><li>Security certifications such as <strong>Security+</strong>, <strong>CISSP</strong>, 
<strong>CISA</strong>, or <strong>CISM</strong> are a plus.</li></ul><p><br></p><p><strong>Preferred Skills:</strong></p><ul><li>Experience working with <strong>CMMC Registered Provider Organizations (RPOs)</strong> or <strong>Certified Third-Party Assessment Organizations (C3PAOs)</strong>.</li><li>Hands-on experience with <strong>GRC tools</strong> (e.g., eMASS, SecureControl, or similar).</li><li>Knowledge of cloud security and FedRAMP requirements.</li><li>Ability to work independently and manage multiple priorities in a fast-paced environment.</li></ul><p><br></p>