← All Jobs
Posted May 10, 2026

GRC Engineer / ISSO

Apply Now
About the Role: The candidate will serve as a highly skilled Sr. GRC Engineer / ISSO responsible for maintaining the cybersecurity posture of a federal program, system, or enclave. They will ensure that security and privacy requirements are effectively implemented, continuously monitored, and aligned with Federal standards. They will work in close collaboration with the client system owner and act as the principal advisor on all matters related to security and privacy controls, bringing deep expertise in managing the security lifecycle of complex organizational systems. The ideal candidate will champion the organization’s transition to GRC Engineering. Role Responsibilities: • Serve as an advocate for innovation within the GRC program by identifying opportunities to modernize processes, reduce manual effort, and introduce engineering driven practices. • Promote and support migration to cloud and hybrid architectures by aligning security planning, controls, and monitoring activities with cloudnative capabilities and shared responsibility models. • Drive adoption of continuous monitoring practices that emphasize automated data collection, real time visibility, and rapid detection of risk indicators. • Implement and support automated alerting mechanisms, dashboards, and analytics that enhance situational awareness and support operational decision making. • Work closely with client stakeholders, engineering teams, and system owners to educate, demonstrate, and introduce new capabilities such as policy as code, automated evidence generation, and integrated risk scoring. • Encourage the integration of devsecops practices, supply chain risk management, zero trust principles, and AI or ML enabled analysis into GRC workflows to improve agility and resilience. • Facilitate collaboration across IT and OT environments to ensure modernization initiatives support mission needs while maintaining consistent security and privacy protections. • Identify the security and privacy requirements allocated to a system and to the organization. • Identify the characteristics of a system and contribute to determining the boundary of a system. • Collaborate with the System Owner to categorize the system and document the security categorization results as part of system requirements. • Identify stakeholders who have a security and/or privacy interest in the development, implementation, operation, or sustainment of a system. • Identify the stakeholder protection needs and stakeholder security and privacy requirements. • Identify the types of information to be processed, stored, or transmitted by a system. • Identify stakeholder assets that require protection. • Conduct an initial risk assessment of stakeholder assets and update the risk assessment on an ongoing basis. • Select the security and privacy controls for a system and document the functional description of the planned control implementations in a security/privacy plan. • Develop a strategy for monitoring security and privacy control effectiveness; coordinate the system-level strategy with the organization and mission/business process-level monitoring strategy. • Develop, review, and approve a plan to assess the security and privacy controls in a system and the organization. • Document changes to planned security and privacy control implementation and establish the configuration baseline for a system. • Respond to system risk posture based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in a plan of action and milestones (POA&M). • Prepare a plan of action and milestones based on the findings and recommendations of a security assessment report excluding any remediation actions taken. • Update a security plan, security assessment report, and plan of action and milestones based on the results of a continuous monitoring process. • Review the security and privacy status of a system (including the effectiveness of security and privacy controls) on an ongoing basis to determine whether the risk remains acceptable. • Report the security status of a system (including the effectiveness of security and privacy controls) to an authorizing official on an ongoing basis in accordance with the monitoring strategy. • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. • Ensure that security improvement actions are evaluated, validated, and implemented as required. Required Education & Qualifications: • Bachelor's degree in Computer Science, Information Systems, or related degree or an additional three (3) years of relevant experience. • 7+ years of relevant cyber security experience Apply tot his job Apply To this Job
Apply Now

More Remote Jobs

Senior Account Executive [Remote]May 21, 2026Governance Consultant – GRC PracticeMay 27, 2026Cybersecurity GRC AnalystMay 23, 2026SOC Analyst (Level 2)May 10, 2026Senior Security AnalystMay 15, 2026Product Manager (ex-founder or ex-product engineer)May 13, 2026ServiceNow Technical Lead- IRM & GRCMay 11, 2026**Experienced Data Entry Associate – Remote Work Opportunity with arenaflex**May 15, 2026**Experienced Full-Time Remote Customer Service Representative – Delivering Exceptional Experiences at arenaflex**May 22, 2026**Experienced Full Stack Data Entry Specialist – Remote Part-Time Opportunity at arenaflex**May 15, 2026IT GRC Contract AnalystMay 17, 2026**Experienced Part-Time Remote Data Entry Specialist – Flexible Work Arrangement for a Rewarding Career**May 20, 2026Corporate Safety Manager (hybrid or remote)May 12, 2026Senior Fullstack Software Engineer, GRCMay 18, 2026Sales Specialist - HPE CloudOps Software SuiteMay 16, 2026