Today
Secret
IT - Security
Remote/Hybrid (Off-Site/Hybrid)
Overview
BigBear.ai (BBAI) is seeking a Lead GRC Analyst to improve and conduct assessments within the Governance, Risk, and Compliance (GRC) program. You will be responsible for enhancing and performing assessments within our GRC strategy and compliance frameworks to maintain the highest levels of security, integrity, and transparency across the company. You will operationalize and mature the GRC tool, document associated business processes, perform risk and compliance assessments, and establish best practices based on legal and regulatory requirements. Organizational change, digital transformation, and growth will be hallmarks of day-to-day team activities. This role presents the ideal candidate with the opportunity to take on independent work assignments as well as bridge business operations with technology implementations.
Your expertise in deploying policies, standards, and controls, conducting compliance assessments, conducting risk assessments, and deploying/utilizing GRC applications and tools will be crucial in driving the foundation of our cybersecurity program and measuring its maturity as we seek industry and government certification. You will ensure alignment of business processes and operations with cybersecurity industry standards, regulations, and best practices.
This position will report to the Director of GRC.
This position will be remote with possible travel to Washington.
What you will do
- Maintain a body of documentation that forms the cybersecurity policy, standards, and controls that will drive the maturity of our cybersecurity program and its compliance. These policies might cover areas such as data privacy, information security, and ethical conduct.
- Build workflows to capture business processes, document selected security control frameworks, and measure control efficacy.
- Monitor and interpret relevant regulations, standards, and laws applicable to the enterprise and federal contracting industry. Ensure the company's operations and practices are in line with these requirements.
- Perform risk assessment functions, including identifying and assessing potential risks that could impact the organization's operations, data security, financial stability, and reputation. Collaborate with relevant stakeholders to develop risk mitigation strategies.
- Evaluate the effectiveness of existing internal controls and recommend improvements.
- Work with different teams to implement and monitor control measures that safeguard the company's assets and data. Streamline control evaluations while limiting control requests.
- Support Audits by collaborating with internal and external auditors to provide necessary documentation and evidence for audits and assessments. Address any identified compliance or risk management gaps.
- Perform compliance assessments and certifications to meet rigorous certification demands.
- Vendor and Application Risk Management: Assess the risks associated with third-party vendors and applications that the company engages with. Ensure that these vendors and applications comply with relevant regulations and meet the organization's security and risk standards.
What you need to have
- Clearance: not initially required; however, the individual must be clearable to SECRET.
- Experience building and deploying a GRC program
- Experience with HIPAA, PCI, SOX, SOC 1/2, ISO 27001, and NIST CSF
- At least 8-10 years as a GRC Analyst, cybersecurity analyst, risk assessor, or auditor
- Proficient understanding of information technology systems and processes, cybersecurity threats, and risk management practices
- Knowledge of cyber and cloud security standard frameworks
- Experience with risk assessments, compliance assessments, working with a company's public accounts (SOX ITGC), and reporting on assessment progress
- Must have experience working with the federal government and government frameworks such as NIST 800-53, 800-171, CMMC, etc.
What we'd like you to have
- Experience managing GRC functions using a GRC tool or platform
- CRISC, CISA, CISM, or CISSP (or similar)
- Excellent written communication skills. Must be able to clearly communicate risks at both the strategic and tactical levels
- Experience leading other cybersecurity functions (such as vulnerability management, incident response, etc.)
About BigBear.ai
BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on BigBear.ai's predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.
BigBear.ai is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.