• Job Description

  Req#: 1736152
  Position Title:
  
  GRC Analyst
  
  Clearance:
  
  Desired, not required
  
  Location:
  
  Huntsville, AL/Remote
  
  Salary*:
  
  $110,000+
  
  *Dependent upon qualifications
  
  Summit 7 is here to rise above the ordinary. The work we do here goes far beyond day-to-day projects - it further protects the US defense industrial base from cyber threats, fosters thought leadership and creates growth opportunities. Our support staff, sales team and technicians are all coming together to make a difference. We also recognize that you're a person with life beyond work, that's why we invest in meaningful health and welfare benefits such as:
  
  • Excellent health/dental benefits from BCBS
  • See into the future with our luxurious VSP vision benefits
  • Prepare for the long-haul courtesy of our 401k with company matching
  • Unlimited mobile phone plan
  • 10 days' vacation, 7 days sick time
  • Bonuses and salary increase potential via our certifications plan
  
  We do cool work here, defying expectations by simply being who we are - each of us makes an impact.
  
  Summary
  
  We are seeking a detail-oriented GRC Analyst to join our compliance and risk management team supporting critical defense industrial base (DIB) requirements. This role is essential to our expanding compliance program portfolio, including CMMC Level 2/3, NIST 800-171 R2/R3, ISO 27001:2022, GDPR, and SOC 2 Type II certifications.
  
  As a GRC Analyst, you will be responsible for the operational execution of our compliance programs, ensuring continuous monitoring, evidence management, and risk remediation tracking across multiple frameworks. You will work closely with the VP Cybersecurity Compliance and cross-functional teams to maintain audit readiness and support the implementation of new compliance programs.
  
  This position is ideal for a compliance professional who thrives in operational roles, values process discipline, and wants to contribute to protecting national security through robust cybersecurity governance.
  
  Responsibilities
  
  Continuous Compliance Operations (55%)
  
  • Evidence Management: Collect, organize, and maintain compliance evidence on weekly, monthly, quarterly, and semi-annual schedules across all active frameworks
  • ServiceNow GRC Administration: Update and maintain GRC modules including control implementations, risk registers, POA&Ms, and compliance artifacts
  • Risk & POA&M Management: Distribute notifications to risk and POA&M owners, track remediation activities, escalate overdue items, and maintain accurate status reporting
  • Supplier Risk Management: Coordinate supplier risk assessments including onboarding, offboarding, and annual reviews; maintain vendor risk documentation
  • Cross-Framework Reconciliation: Map and reconcile evidence requirements across multiple standards as new versions are released
  
  Program Implementation Support (30%)
  
  • New Program Standup: Assist with implementation of new compliance frameworks including document gathering, gap analysis support, and stakeholder coordination
  • Control Implementation Tracking: Monitor and document control implementation progress, identify blockers, and support remediation efforts
  • Assessment Preparation: Prepare evidence packages and coordinate with assessors for C3PAO, ISO certification, and other third-party audits
  • Documentation Development: Support development and maintenance of System Security Plans (SSPs), policies, procedures, and compliance documentation
  
  Collaboration & Continuous Improvement (15%)
  
  • Cross-Functional Coordination: Work with IT, Engineering, HR, Legal, and other departments to gather evidence and implement controls
  • Process Improvement: Identify opportunities to streamline evidence collection and automate compliance workflows
  • Training Support: Participate in compliance training initiatives and security awareness programs
  • Audit Support: Serve as primary liaison for evidence requests during audits and assessments
  
  
  Requirements
  
  Education & Experience
  
  • Bachelor's degree in Information Security, Computer Science, Risk Management, or related field; or equivalent practical experience
  • 2-4 years of experience in GRC, compliance, information security, or IT audit roles
  • Demonstrated practitioner experience with at least one major compliance framework (NIST 800-171, ISO 27001, SOC 2, CMMC, or similar)
  
  Technical Skills
  
  • Working knowledge of NIST 800-171 R2/R3, CMMC Levels 1-3, and/or ISO 27001:2022 requirements
  • Experience with GRC platforms (ServiceNow GRC, Future Feed, or similar)
  • Proficiency with Microsoft Office 365 and collaboration tools
  • Understanding of information security concepts, controls, and risk management principles
  
  Core Competencies
  
  • Exceptional Attention to Detail: Ability to manage complex evidence matrices and ensure accuracy across multiple frameworks
  • Process Discipline: Strong adherence to established procedures and documentation standards
  • Organizational Skills: Ability to manage multiple deadlines, priorities, and stakeholder requests simultaneously
  • Communication: Clear written and verbal communication skills for stakeholder coordination and documentation
  • Analytical Thinking: Capability to understand control requirements and translate them into operational evidence collection activities
  
  
  Preferred Qualifications
  
  • Certifications: One or more of the following:
    • Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA)
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • ISO 27001 Lead Implementer or Lead Auditor
    • CRISC (Certified in Risk and Information Systems Control)
  • Experience working in defense industrial base (DIB) organizations or cleared environments
  • Hands-on implementation or assessment familiarity with NIST 800-171 r2/r3, NIST 800-53, NIST 800-172, or FedRAMP requirements
  • Background in IT operations, systems administration, or cybersecurity engineering
  
  
  Summit 7 Systems is an equal opportunity/ affirmative action employer and an alcohol and drug free workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
  
  Summit 7 Systems requires background investigations. Any offer of employment is contingent upon the results of a reference/background check. We are a drug and alcohol-free workplace and require pre-employment drug screening.

• About the company

  The best remote jobs for you

Notice