Intermediate Cybersecurity Information Assurance Engineer with Security Clearance

---

Job description

Cybersecurity Information Assurance Engineer / GRC Analyst This position requires the ability to obtain a Public Trust We are seeking a proactive and detail-oriented Cybersecurity Information Assurance Engineer (Junior) / GRC Analyst (Junior) to support the development of information systems assurance programs and enhance the organization's governance, risk, and compliance (GRC) processes. Under general supervision, the GRC Analyst will assist in implementing security control guidelines, resolving technical issues, and supporting the development of new dashboards, metrics, and automated functionality. The successful candidate will also contribute to federal compliance initiatives, conduct market research, and help streamline cybersecurity operations through automation and policy adherence. Compensation & Benefits: Estimated Starting Salary Range for Cybersecurity Information Assurance Engineer / GRC Analyst: $125,000 to $130,000k Pay commensurate with experience. Full time benefits include Medical, Dental, Vision, 401K and other possible benefits as provided. Benefits are subject to change with or without notice. Cybersecurity Information Assurance Engineer / GRC Analyst Responsibilities Include: Assist in developing and implementing information systems assurance programs and security control guidelines to ensure compliance with cybersecurity best practices. Support the resolution of technical issues, prioritization of tasks, and development of methods to enhance cybersecurity operations. Prepare activity and progress reports related to information systems audits, ensuring accurate documentation of cybersecurity efforts. Develop new dashboard views to support the Cybersecurity Framework (CSF) and establish performance metrics for improved reporting and decision-making. Define processes for leveraging data from the Continuous Diagnostics and Mitigation (CDM) dashboard and provide support for stakeholder training on its usage. Assist in the automation of existing processes using Power Apps or similar tools to improve operational efficiency. Analyze and review emerging federal information security and privacy policies, directives, and mandates, ensuring timely compliance with specified requirements. Track the ownership of policies and procedures, ensuring the associated implementation timelines are adhered to and compliance requirements are met. Conduct market research and assist in establishing a roadmap for modernizing the organization's Governance, Risk, and Compliance (GRC) tool, identifying key requirements for improvement. Support agency-led High Value Asset (HVA) assessments in compliance with the Cybersecurity and Infrastructure Security Agency (CISA) Assessment Evaluation and Standardization (AES) Program. Update and enhance the organization's Entity-Wise Business Impact Analysis (EWBIA) to align with evolving business and cybersecurity needs. Performs other job-related duties as assigned Cybersecurity Information Assurance Engineer / GRC Analyst Experience, Education, Skills, Abilities requested: Bachelor's degree in Cybersecurity, Information Technology, or a related field. Minimum 2 years of experience in cybersecurity or related fields, with exposure to governance, risk, and compliance processes. Possesses IAT Level II certification (e.g., CompTIA Security+, GIAC, or equivalent). Familiarity with the Cybersecurity Framework (CSF) and Continuous Diagnostics and Mitigation (CDM) dashboard concepts. Basic understanding of automation tools like Power Apps and experience with process automation is a plus. Knowledge of federal cybersecurity and privacy mandates, with the ability to analyze and assist in the implementation of new policies. Strong attention to detail and the ability to manage multiple tasks effectively. Excellent communication skills, with the ability to prepare reports and documentation for various audiences. Exposure to High Value Asset (HVA) assessments and familiarity with CISA's Assessment Evaluation and Standardization (AES) Program preferred. Experience in conducting Entity-Wise Business Impact Analysis (EWBIA) or similar processes preferred. Basic understanding of API development to support automation and data integration efforts preferred. Past applicable job experience may include, but is not limited to: Information Security Compliance Analyst, Cybersecurity Risk Analyst, or Governance, Risk, and Compliance (GRC) Engineer Must pass pre-employment qualifications of Cherokee Federal Company Information: Cherokee United Services (CUS) is a part of Cherokee Federal - the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about CUS, visit Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply. Similar searchable job titles Information Security Compliance Analyst Cybersecurity Risk Analyst Governance, Risk, and Compliance (GRC) Engineer Information Assurance Specialist Security Risk and Compliance Analyst Keywords Information Security Risk Management Compliance Standards Audit Processes Data Protection Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request. Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.

<!– job description page –>