Cybersecurity Governance Risk and Compliance (GRC) Specialist

• Partner with Legal, Compliance, and Regulatory Affairs to manage overall compliance with internal policies, nuclear regulations (NIRMA, CFR), applicable law (HIPAA, GDPR), and information security industry standards (NIST, ISO/IEC).
• Develop, maintain, and enforce the organization's information security policies, processes, and procedures.
• Manage the company’s System Security Plan (SSP) in alignment with our security controls.
• Maintain the company’s cybersecurity Plan of Action and Milestones (POA&M) assigning risk values to the matrix to drive priority.
• Conduct and participate in internal and external audits for compliance with applicable laws, regulations, and industry standards.
• Develop and maintain an effective cybersecurity risk management program, including risk assessments, vulnerability assessments, and threat assessments.
• Assist in creating, maintaining and reporting of a corporate Risk Register for leadership review.
• Work with cross-functional teams to identify and assess security vulnerabilities and develop effective mitigation strategies.
• Ensure incident response policies, playbooks, and escalation procedures are in place.
• Contribute to development of information security awareness training to ensure all staff members are knowledgeable with the organization’s cybersecurity policies, procedures, and standards.

• Minimum of 5 years of experience in cybersecurity governance, risk, and compliance roles.
• Knowledge of industry regulations and standards, such as NIRMA, Code of Federal Regulations (10 CFR Part 810), HIPAA, FedRamp, CMMC, GDPR, NIST Cybersecurity Framework (especially 800-53 and 800-171), ISO 27001, etc.
• Proven track record of coordinating with external auditors and participating in compliance audits.
• Strong analytical, critical-thinking, and problem-solving skills, with the ability to identify and assess risks and develop effective mitigation strategies.
• Excellent communication skills, both verbal and written, with the ability to communicate complex cybersecurity concepts to technical and non-technical audiences.
• Willing to share knowledge and assist others in understanding technical and business topics.
• Strong project management skills, with the ability to manage multiple projects simultaneously and meet tight deadlines.
• Familiarity with security assessment tools and techniques, such as vulnerability scanning and penetration testing.
• Self-motivated, constructive and positive attitude.
• The successful candidate will possess a high degree of trust and integrity, communicate openly and display respect and a desire to foster teamwork.
• Required Job Qualifications:

• Bachelor's degree in Computer Science, Information Security, or related field.
• At least one industry certification (e.g., CISA, CISM, CGEIT, CRISC, CISSP, ISAAP, GRCP).
• Experience effectively managing security controls in hybrid (Cloud & on-prem) environments.
• Experience working in a heavily regulated industry.
• Project management experience is preferred.

• Job Type: Contract
• Location: Remote eligible BUT highly prefers an onsite candidate.
• Pay Rate: $63-80/hour.
• Export control regulations require candidates to be a U.S. Citizen, U.S. Legal Permanent Resident, or of a protected person status.

Protingent