
Governance, Risk, and Compliance Specialist – Contingent
ARETUM
full-time
Location Type: Hybrid
Location: Washington • District of Columbia • Washington • United States
About the role
- Support governance and compliance activities aligned to FISMA and agency cybersecurity requirements, including maintaining documentation and reporting support where applicable
- Execute RMF-aligned risk activities across the system lifecycle, including control selection support, implementation validation, and ongoing continuous monitoring
- Maintain and update authorization/compliance artifacts (as required by the environment), such as security plans and supporting evidence, ensuring documentation is accurate and audit-ready
- Assist with security control assessment coordination by preparing artifacts, mapping evidence to controls, tracking assessment activities, and supporting remediation planning (Assessment methods and procedures are commonly aligned to NIST 800-53A practices)
- Develop, manage, and track POA&Ms and remediation actions; collect and validate closure evidence and support risk acceptance processes as needed
- Demonstrate and apply working knowledge of network design concepts and partner with technical teams to validate secure configurations and identify weaknesses
- Support vulnerability management and security testing coordination for government systems to identify and document vulnerabilities, validate severity/impact, and track mitigation to completion
- Support project management activities including work planning, task tracking, stakeholder coordination, meeting facilitation, and status reporting for GRC deliverables
- Contribute to policy/standard development and continuous improvement initiatives for governance and risk processes using NIST-aligned control frameworks
Requirements
- Minimum 5 years of experience in cybersecurity governance, risk, or compliance (GRC), preferably supporting federal or regulated environments
- Demonstrated experience in project management, network design concepts, and testing the security of government systems to identify vulnerabilities
- Working knowledge of the NIST RMF and how it is used to manage security and privacy risk across categorization, control selection/implementation, assessment, authorization, and continuous monitoring
- Familiarity with the purpose and structure of NIST 800-53 security and privacy controls and how controls map to evidence and system security practices
- Familiarity with security control assessment concepts and the use of assessment procedures (e.g., NIST 800-53A-style approaches)
- Strong technical writing skills and ability to produce clear, defensible documentation for auditors and leadership
- Experience supporting federal authorization packages and security assessment deliverables (e.g., SAP/SAR, evidence collection, audit response)
- Familiarity with FedRAMP concepts for cloud environments (if the client environment includes cloud services)
- Experience briefing technical and non-technical stakeholders and translating control requirements into practical implementation guidance
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off
- Family Leave (Maternity, Paternity)
- Short Term & Long-Term Disability
- Training & Development
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
- cybersecurity governance
- risk management framework (RMF)
- NIST 800-53
- NIST 800-53A
- security control assessment
- vulnerability management
- network design concepts
- project management
- security testing
- documentation
Soft skills
- technical writing
- stakeholder coordination
- meeting facilitation
- status reporting
- policy development
- continuous improvement
- communication
- collaboration
- problem-solving
- attention to detail