cFocus Software Incorporated

via Indeed

Incident Management / Governance Risk Compliance (GRC) - HHS STIM

Anywhere
full-time
Posted 9/9/2025
Key Skills:
Incident Management
Governance, Risk, and Compliance (GRC)
Federal cybersecurity frameworks (NIST SP 800-53, FISMA, FedRAMP)
Audit and compliance reporting
Technical leadership and mentoring
GRC platforms such as Archer or ServiceNow

Compensation

Salary Range

$120K - 160K a year

Responsibilities

Lead cybersecurity incident management and governance risk compliance processes, ensure federal compliance, support risk assessments, and mentor junior staff.

Requirements

10+ years cybersecurity operations and governance experience, CISSP certification required, bachelor's degree in related field, and eligibility for Public Trust clearance.

Full Description

Incident Management / Governance Risk Compliance (GRC)

Job Overview

cFocus Software is seeking a highly experienced Subject Matter Expert IV (Incident Management / Governance Risk Compliance – GRC) to support HHS. This is a new program for the Security Tools and Infrastructure Modernization (STIM) contract with the U.S. Department of Health and Human Services (HHS). The SME IV will provide technical leadership in incident management, governance, risk, and compliance, ensuring adherence to federal cybersecurity standards and supporting enterprise risk management strategies. This role can be in Atlanta, GA, Washington, DC or remote.

Responsibilities

• Lead and support cybersecurity incident management processes, including triage, escalation, and response.
• Administer and manage Governance, Risk, and Compliance (GRC) platforms such as Archer, ServiceNow GRC, or equivalent.
• Ensure compliance with federal standards including NIST SP 800-53 Rev. 5, FISMA, CIS Controls, and FedRAMP.
• Develop and maintain policies, procedures, and compliance documentation.
• Support enterprise risk assessments, vulnerability management, and control testing.
• Prepare audit reports and compliance dashboards for executive stakeholders.
• Collaborate with incident response, SOC, and engineering teams to align GRC processes with security operations.
• Provide mentorship and guidance to junior cybersecurity analysts.

Required Experience

• 10+ years of cybersecurity operations, compliance, and governance experience.
• Expertise in incident management, governance, risk, and compliance platforms.
• Strong knowledge of federal cybersecurity frameworks including NIST SP 800-53 Rev. 5, FISMA, and FedRAMP.
• Experience leading compliance teams and delivering audit support in federal environments.
• Proven ability to provide technical leadership and mentor junior staff.

Education & Certifications

• Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
• CISSP (Certified Information Systems Security Professional) certification required.
• CISM (Certified Information Security Manager) and/or CRISC (Certified in Risk and Information Systems Control) preferred.
• Additional certifications such as CISA or ISO 27001 Lead Implementer are highly desirable.

Clearance Requirement

• Must be eligible to obtain and maintain a Public Trust (High-Risk, Level 5) clearance.

This job posting was last updated on 9/16/2025
