Be on Alert – Fraudulent Employment Offers. Learn More

Arlington, Virginia, United States of America
JOB #R1901837

GRC Specialist

Working at ICF

Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit to find your next career. ICF—together for tomorrow.

ICF seeks a GRC Specialist to support the Governance, Risk and Compliance capabilities  in the cyber security area for our federal client. In this role you will utilize your experience as a Cyber professional to provide policy, program and risk management support to our federal client. You will support the client’s activities related to FISMA compliance and security policies and procedures, in the client agency.

This position is part of a large, business analysis and management support services contract for a federal civilian agency and is based on our client site in Arlington, VA.

What you’ll be doing:

  • Interface with cyber security and technical subject matter experts to gather information  to inform policy statements, and develop/update organizational policies accordingly.
  • Use your experience with the NIST 800 series publications to maintain and update security policies, technical guidance and SOPs.
  • Develop System Security artifacts including but not limited to: Security Profiles, Privacy Impact Assessments, System Security Plans, Risk Assessments, and Waivers
  • Process Security MOA’s and ISAs including developing documents, tracking and routing to appropriate POCs for review and signature
  • Assist Information Security Manager in managing the waiver process including recommending mitigation strategies, identifying compensating controls, and documenting waivers
  • Provide planning, documentation, logistics, and execution support for cyber security and risk management meetings.
  • Develop reports for, monitor, and track status of Acceptance of Risk (AOR) requests.
  • Monitor and track status of user security training completion.
  • Support audit-related data calls, compile and record audit responses; track audit findings to resolution.
  • Mitigate security audit findings including but not limited to audits conducted by OIG and GAO.
  • Develop and update management level reports and dashboards.
  • Contribute to the ATO process for new client systems and/or major upgrades including developing and updating documentation
  • Lend cybersecurity and risk management expertise to a diverse set of enterprise programs and initiatives.
  • Research, review, monitor, and report on industry best practices, latest cyber security developments and trends, standards, and guidelines, and apply these to the Federal environment.
  • Identify and implement process improvement initiatives that contribute to and enhance the efficacy of the client’s Information Security Program

Basic Qualifications:

  • Direct experience with FISMA/NIST 800 series publications is required.
  • Direct experience with NIST 800-53 rev.4
  • Direct experience with NIST 800-37 rev. 2 (RMF)
  • Experience working with Federal clients
  • Familiarity with and experience assisting Federal agencies implement and align organizational security policies and practices to Office of Management and Budget (OMB) and Department of Homeland Security (DHS) policies and directives
  • Strong writing skills
  • Familiarity with Audits, ATO process, Vendor Risk Management
  • Bachelor’s degree with 5+ years’ experience in Cybersecurity and risk management best practices

Preferred Skills/Experience:

  • Certifications that are strongly preferred (not required): PMP, CISA, CISSP, CISM and/or other security certifications
  • Experience developing or analyzing security policy.
  • Experience in designing and implementing security standards and best practices.
  • Hands-on experience using OpenFISMA® to tracking audit findings
  • Hands-on experience in establishing and maturing an organization’s Security Program
  • Program/project management experience

 Professional Skills:

  • Strong analytical, problem-solving and decision making capabilities.
  • Strong written and verbal communication skills.
  • Proven track record of providing high quality professional services to Information Security Managers
  • Demonstrated history of positive customer-oriented interactions.
  • Aptitude for working autonomously in a fast-paced environment.
  • Ability to multi-task and prioritize according to changing circumstances.

Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.

Virginia Client Office (VA88)

Who is ICF?

A consulting services company of over 5,000 experts across 67 countries, but not your typical consultants

More jobs you might like

May 23, 2019
Fairfax, Virginia, United States of America
May 22, 2019
Durham, North Carolina, United States of America
May 22, 2019
Fairfax, Virginia, United States of America
May 22, 2019
Colorado Springs, Colorado, United States of America
May 17, 2019
Aberdeen, Maryland, United States of America
May 16, 2019
Quantico, Virginia, United States of America
See All Jobs