GRC Analyst Job at Nexus IT Group, Washington DC

  • Nexus IT Group
  • Washington DC

Job Description

The Governance, Risk, and Compliance (GRC) Analyst supporting federal and customer programs is responsible for evaluating, documenting, and operationalizing cybersecurity and compliance requirements across the organization. This position works across contractual obligations, regulatory standards, and internal security controls, translating external requirements into clear internal actions and assessing how effectively those obligations are being met.

This individual plays a central role in reviewing contractual security language, aligning requirements to applicable frameworks and existing controls, and identifying gaps. The role also supports risk management processes, policy and governance activities, and audit or customer-facing security inquiries.

A significant portion of the work involves analyzing contract terms as new business is awarded and existing programs evolve. This person will act as a key reviewer of cybersecurity-related contract language and partner closely with legal and procurement teams during negotiations and revisions. The role is well suited for someone who enjoys detailed analysis of regulatory and contractual text as a core part of their responsibilities.

This is a highly detail-oriented and writing-heavy role that requires strong analytical thinking, familiarity with multiple compliance standards, and the ability to collaborate across technical and non-technical teams.

Key Responsibilities

Contract & Requirements Analysis
  • Review contracts, statements of work, and related documents to identify cybersecurity, privacy, and data protection requirements.
  • Translate contractual obligations into structured, actionable requirements that can be tracked and validated.
  • Assess alignment between requirements and current security controls, identifying areas of full, partial, or non-compliance.
  • Develop artifacts such as gap analyses, compliance matrices, and traceability documentation.
  • Partner with legal and procurement teams on contract language, including negotiations and supplier flow-down requirements.
Framework Alignment & Interpretation
  • Maintain working knowledge of relevant standards such as NIST frameworks, ISO 27001, FedRAMP, CMMC, and applicable international regulations.
  • Map controls across frameworks to streamline compliance efforts and reduce redundancy.
  • Interpret regulatory guidance and apply it to business systems and scenarios, escalating uncertainties when needed.
Governance & Policy Support
  • Help maintain documentation within the organization's information security management system (ISMS), ensuring accuracy and audit readiness.
  • Support policy lifecycle activities including updates, version control, and exception handling.
  • Contribute to reporting on compliance posture, including metrics and remediation progress.
Documentation & Deliverables
  • Create and maintain compliance documentation such as security plans, remediation trackers, policies, and audit materials.
  • Respond to customer, auditor, or regulator inquiries with clear and tailored written communication.
Risk Management
  • Lead the risk assessment process, maintaining a risk register and documenting findings and mitigation strategies.
  • Support risk acceptance and exception workflows, ensuring proper documentation and follow-through.
  • Track and report on remediation activities and escalate high-risk or overdue items.
Third-Party Risk
  • Participate in vendor and supplier security reviews, including assessment of questionnaires and control attestations.
  • Support evaluation of supplier compliance with contractual security requirements.
Audit & Assessment Support
  • Assist with internal and external audits, certifications, and assessments.
  • Coordinate evidence collection and validation with internal stakeholders.
  • Participate in audit discussions as a subject matter contributor when needed.
Cross-Functional Collaboration
  • Work closely with legal, procurement, engineering, IT, and security teams to interpret and implement requirements.
  • Act as a resource for internal stakeholders on regulatory and contractual compliance expectations.
What Success Looks Like (First Year)
  • Establish a consistent intake and review process for contract-related security requirements.
  • Deliver traceability documentation linking contract requirements to controls and evidence.
  • Implement and maintain a formal risk management process and reporting cadence.
  • Ensure security documentation remains audit-ready through at least one assessment cycle.
Required Qualifications
  • 5+ years of experience in GRC, IT audit, or a related cybersecurity discipline.
  • Strong familiarity with NIST-based frameworks and control implementation practices.
  • Experience developing compliance documentation such as security plans or control matrices.
  • Hands-on involvement in audits or certification processes (e.g., ISO 27001, SOC 2, FedRAMP, or similar).
  • Excellent writing and documentation skills.
  • Ability and interest in interpreting contractual and regulatory language in detail.
  • Experience collaborating across technical and business teams.
  • Bachelor's degree in a relevant field or equivalent experience.
Preferred Qualifications
  • Experience with government or defense-related compliance requirements.
  • Familiarity with international data protection and security regulations.
  • Background working with sensitive or regulated data environments.
  • Exposure to highly regulated industries such as aerospace, defense, or advanced technology.
  • Experience reviewing or negotiating contract security terms.
  • Familiarity with GRC platforms (e.g., enterprise risk or compliance tools).
  • Relevant certifications (e.g., CISA, CISSP, CRISC, ISO 27001, or similar).
  • Active security clearance or eligibility to obtain one.

Job Tags

Contract work
