Comprehensive IT GRC Management NIST-RMF

We are looking for a GRC Specialist with expertise in NIST SP 800-37, SP 800-53, and NIST RMF. Responsibilities / Scope: Primary responsibilities include. • Prepare the RMF assessment guidelines for all levels of the IT organization for information security and information privacy risks. • Identify and categorize the Security Controls • Select (customize) the Controls for all the Control Families • Assist in Implementation – Train the control owners on implementing the controls. • Assess – Provide assessment on the implemented controls, document and review the findings with the IT leadership, and assess the risk posture. • Authorize – Develop the SAR for the internal stakeholders. • Monitor – Regularly monitor the changes in security posture, and help automate the process. Qualifications / Skills: • 5+ years of experience in performing GRC / NIST RMF assessments for regulated enterprises. • Direct hands-on current (within the last 3 years) experience. • Public sector (state and local gov) experience will be a huge plus. Location: • US-only Work: • The GRC Specialist will work in a team with active collaboration throughout the day. Duration & Commitment: • This is a long-term project (potentially multi-year) for continuous assessments and monitoring. • The time commitment could range between 20-40 hours a week. This could also turn into a contract to hire, if interested. The ideal candidate should have a demonstrable track record in IT GRC, experience in risk management and compliance in large organizations, and a deep understanding of IT policies and procedural development, auditing, and preparing reports.