Complete Description:

The Governance, Risk and Compliance (GRC) Analyst shall provide support for revising internal security policies and standards, participating in risk assessments and audits with stakeholders, creating and documenting internal processes to support GRC and participating in executing the cybersecurity awareness program as a member of a highly experienced security team supporting the District of Columbia Government (DCGOV) network. 

The GRC Analyst shall be responsible for the following, but not limited to:

•           Prepare and edit policy documentation incorporating information provided by subject matter experts (SME).

•           Develop and formalize a quality assurance review process of all existing security policies and ensure consistency in review period.

•           Ability to interpret complex technical concepts and articulate the information in policy documentation.

•           Maintain a record or revisions regarding operational policies and procedures. 

•           Help with process development and documentation involving multiple departments and teams internally and external.

•           Provide liaison support for District-wide Information Security Officer (ISO) communications structure.

•           Assist with development of standard operating procedures for security operations team. 

•           Serve as Assistant Information Security Officer assisting in policy and communication strategy for GRC initiatives.

•           Assistance with managing the Information Security SharePoint page.

•           Become an active participant in developing and maintain and information security awareness training program and assist in tracking and analyzing metrics for reporting.

Behavioral Characteristics:

Working in a collaborative team environment, the GRC Analyst will work with stakeholders both internal and external to develop policy, assist in strategy roll out and guidance for best practices to help reduce risk on the DCGOV network.