GRC Analyst / Information System Security Officer (ISSO)

Join our team at Core One! Our mission is to be at the forefront of devising analytical, operational and technical solutions to our Nation's most complex national security challenges. In order to achieve our mission, Core One values people first! We are committed to recruiting, nurturing, and retaining top talent! We offer a competitive total compensation package that sets us apart from our competition. Core One is a team-oriented, dynamic, and growing company that values exceptional performance!

Core One is seeking Governance, Risk, and Compliance Analyst / Information System Security Officer (ISSO) to support our IC program. This position requires a TS/SCI w/ Poly clearance.

The GRC Analyst / Information System Security Officer (ISSO) is responsible for implementing and maintaining cybersecurity controls, ensuring compliance with federal regulations, and guiding information systems through the Customer’s A&A process. This role requires a deep understanding of federal cybersecurity standards, proactive engagement with stakeholders, and the ability to operate independently in a fast-paced environment.

Key Responsibilities: 

• Lead and execute activities across all RMF phases (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor).
• Develop, review, and maintain accreditation artifacts including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, and POA&Ms.
• Monitor compliance with NIST 800-53, 800-171, ICD 503, FedRAMP, FISMA, and agency-specific policies. Prepare for and support audits, inspections, and assessments.
• Conduct vulnerability scanning, compliance checks, risk assessments, and remediation tracking using tools such as Nessus or Tenable.sc.
• Create and maintain security documentation, continuous monitoring strategies, incident response plans, and compliance reports. Provide briefings and status updates to leadership and Authorizing Officials.
• Collaborate with system owners, engineers, and developers to ensure security is integrated into design, development, and operations.
• Support investigation, response, and remediation of security incidents.
• Manage account recertifications, access reviews, and deliver security awareness training at the system level.
• Serve as the primary cybersecurity point of contact for assigned systems, ensuring clear communication with internal and external stakeholders.

Required Qualifications - Lead Level:

• Active TS/SCI with Polygraph.
• Bachelor’s degree in Cybersecurity, Information Systems, or related field (or equivalent experience).
• 5+ years of experience in cybersecurity, governance, risk, compliance, or security engineering roles with at least 3 years working under Sponsor A&A guidelines.
• Direct experience with NIST RMF (NIST 800-53), ICD 503, FedRAMP, or CMMC assessment and authorization processes.
• Hands-on experience with developing/maintaining ATO packages, POA&Ms, and compliance artifacts.
• Working knowledge of vulnerability management, secure enclave architecture, boundary defense, and continuous monitoring.
• Strong written and verbal communication skills, with experience preparing compliance documentation for federal stakeholders.
• Ability to operate independently, manage multiple priorities, and engage effectively with diverse teams.

Required Qualifications - Principal Level:

• Active TS/SCI with Polygraph.
• Bachelor’s degree in Cybersecurity, Information Systems, or related field (or equivalent experience).
• 8+ years of experience in cybersecurity, governance, risk, compliance, or security engineering roles with at least 5 years working under Sponsor A&A guidelines.
• Extensive experience with NIST RMF (NIST 800-53), ICD 503, FedRAMP, and other federal assessment and authorization processes.
• Demonstrated ability to lead the development and review of SSPs, SARs, POA&Ms, Risk Assessments, and Continuous Monitoring Plans.
• Expertise with vulnerability management tools (e.g., Nessus, Tenable.sc) and compliance scanning.
• Strong program/project management skills, particularly in audit preparation and compliance readiness.
• Proven ability to collaborate with cross-functional technical teams and engage with federal authorizing officials.
• Exceptional written and verbal communication skills, with experience producing customer-facing compliance documentation.

Desired Qualifications:

• Knowledge of secure cloud and SaaS environments, including logging/monitoring, encryption, and access controls.
• Familiarity with DevSecOps, CI/CD, and container security practices.
• Experience administering Windows Server or Linux environments.
• Professional certifications such as CAP, NIST Cybersecurity Framework 800-53 Practitioner, NIST Cybersecurity Framework 800-171 Specialist, CISSP, CISM, relevant GIAC certifications, or CISA.
• Strong organizational and analytical skills with the ability to manage multiple projects in a fast-paced environment.

Core One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, or protected veteran status and will not be discriminated against on the basis of disability.