Job description
cFocus Software seeks an Automation / GRC Tools Specialist to join our program supporting the Internal Revenue Service (IRS). This position is remote. This position requires a Public Trust clearance.
Qualifications:
Bachelor’s degree in Cybersecurity, IT, or related field.
7+ years of experience with GRC platforms (e.g., ServiceNow GRC, Archer, Xacta, eMASS).
Strong knowledge of NIST RMF (SP 800-37) and NIST SP 800-53 controls.
Experience with automation tools, scripting (e.g., Python, PowerShell), and API integrations.
Familiarity with continuous monitoring, vulnerability management, and compliance reporting.
Strong analytical, problem-solving, and communication skills.
Duties:
Design, implement, and maintain GRC tools and automation solutions supporting RMF and security control assessments.
Automate workflows for security documentation (SSP, SAP, SAR, POA&M) and assessment processes.
Develop dashboards, metrics, and reporting capabilities to track compliance, risk posture, and assessment progress.
Integrate GRC platforms with enterprise systems (e.g., vulnerability scanners, asset management, ticketing systems).
Standardize templates, data models, and processes across assessment activities.
Support continuous monitoring (ISCM/CDM) through automated data collection and analysis.
Provide technical support for FedRAMP and FISMA reporting and compliance activities.
Identify opportunities for process improvement and implement automation to reduce manual effort.
Support audit requests (TIGTA, GAO, OMB) by generating automated reports and evidence.
Collaborate with cybersecurity SMEs, assessors, and stakeholders to improve tool usage and processes.
Provide training and guidance to users on GRC tools and automated workflows.