Bachelor's degree in Cybersecurity, Risk Management, or related field.
5-7+ years of experience in GRC, third-party risk management, or cybersecurity compliance.
Strong knowledge of NIST 800-171 and security assessment methodologies.
Proficiency in ServiceNow, Power BI, Excel, and PowerPoint for reporting and analysis.
Key responsibilities:
Conduct vendor risk assessments using ServiceNow.
Evaluate compliance with security standards like NIST 800-171.
Collaborate with legal and procurement teams on contract negotiations.
Develop risk metrics dashboards and improve risk management processes.
Blue Sky Innovative Solutions (Blue Sky) understands the business and information technology challenges and opportunities that face government and private sector clients and we have the demonstrated capabilities to address them. A U.S. Small Business Administration certified Historically Underutilized Business Zone (HUBZone), Economically Disadvantaged Woman Owned Small Business (EDWOSB/WOSB), and 8(a) Small Disadvantaged Business (SDB), Blue Sky combines large company leadership and experience with small company agility.
Founded on the principles of Integrity, Impact, and Innovation, we serve as a trusted partner to deliver solutions and services customized to meet client organization goals. We leverage our extensive experience to provide innovative yet practical solutions that address the challenges organizations face and drive true performance impact.
Blue Sky is an equal opportunity employer. We offer our staff competitive compensation packages; intellectually challenging and stimulating work environments; and unlimited growth opportunities.
We welcome you to visit our career page to learn more about opportunities at Blue Sky: http://bsis-llc.com/careers/
Position Summary: Blue Sky Innovative Solutions is seeking a highly experienced GRC Analyst III or IV to lead the evaluation of third-party risk, particularly related to security and privacy controls. This role plays a crucial function in supporting vendor due diligence, security assessments, and compliance alignment. The analyst will lead contract negotiations with a focus on embedding stringent security terms and will leverage automation and analytics tools—including ServiceNow and AI-based platforms—to enhance efficiency in evaluating and documenting controls.
Key Responsibilities:
Conduct comprehensive vendor risk assessments using the ServiceNow Third Party Risk module.
Evaluate adherence to NIST 800-171, especially for TriCare in-scope vendors, and collect required attestations.
Collaborate with procurement and legal teams to negotiate contracts that include appropriate data protection and security language.
Utilize AI tools to review vendor artifacts and auto-generate summaries of key control areas.
Develop and maintain risk metrics dashboards using Power BI, Excel, and PowerPoint for leadership updates.
Work with vendors to clarify expectations, mitigate risk, and ensure compliance.
Provide continuous improvements to the third-party risk management lifecycle and reporting processes.
Required Qualifications:
5–7+ years of experience in GRC, third-party risk management, or cybersecurity compliance
Strong knowledge of NIST 800-171, security contracting, and vendor assessment methodologies
Proficiency in using ServiceNow Third Party Risk Management and GRC modules
Skilled in Power BI, Excel, and PowerPoint for reporting and visualization
Exceptional communication and negotiation skills; comfortable working directly with external vendors
Education and Certifications:
Bachelor's degree in Cybersecurity, Risk Management, Legal Studies, or a related field
Preferred certifications: Certified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
About Blue Sky
Blue Sky Innovative Solutions (Blue Sky) assists its federal, state and local, and commercial clients with solving their toughest challenges in the areas of IT Infrastructure Support and Engineering; Application Development and Maintenance; Program and Project Management; and Management Consulting. Find out more about Blue Sky at www.bsis-llc.com. Blue Sky is an equal opportunity employer and recruits mission-oriented, proactive, skilled candidates from across the United States. As an SBA certified HUBZone small business, Blue Sky has a special interest in recruiting and hiring personnel who reside in HUBZones. To determine whether you reside in a HUBZone, visit http://map.sba.gov/hubzone/maps/. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Required profile
Experience
Level of experience: Senior (5-10 years)
Spoken language(s):
English