Position Description:

• Support the implementation and ongoing cadence of the GRC Component Assessment and Control Testing Processes to internal defense personnel and project teams.

• Create and publish supporting documentation for new/updated processes.

• Create and deliver audience specific training and communications for new/updated processes to IT and Business partners. 

• Work effectively with cross-functional and cross regional stakeholders with varying levels of business/technical skills. 

• Collect sufficient quantitative and qualitative data to accurately describe the current state, desired state, and root cause(s) of gaps, with guidance from others. 

• Analyze the future needs of customers and the enterprise, and translate these actions to enhance and mature the GRC program. 

• Address potential business/financial impacts, inter-related systems and risks associated with new processes and approaches. 

• Identify risks and issues across the multiple projects that form complex programs and large projects and support their mitigation. 

• Engage stakeholders to gain consensus on shared vision of project outcomes. (link removed) Anticipate up and down stream impacts and predicts/addresses obstacles. 

• Identify and assist in the resolution of conflicting business goals and systemic issues to enable business value realization. 

• Propose corrective actions to address management and governance problems within the program or project.

Skills / Experience Required:

• 3-5 years experience in risk management 

• 3-5 years experience working with control assessment and testing processes. 

• 3-5 years experience working with ISO 27001/2 standards, Information Security policies, risks and controls. 

• Excellent verbal and written communication.

Experience Preferred:

• Process Improvement mindset. 

• Knowledge of Application Development lifecycles. 

• Self-Starter who can work in ambiguous situations and drive to a solution. 

• Strong organizational skills; able to advance multiple work streams concurrently. 

• Prior experience working on Governance, Risk and Compliance (GRC) tool would be a plus.

• Able to function as a delivery lead for key program elements associated with the position. 

• Understanding of Compliance and Regulatory requirements e.g. (S-Ox, HIPAA, GLBA etc.).

Education Required:

• B.S. Information Systems, Computer Science or equivalent work experience in the requested field