Apply on Employer Site

NuHarbor Security · 4 hours ago

Senior Information Assurance Analyst

Atlanta, GA

Full-time

Hybrid

Mid, Senior Level

$85K/yr - $110K/yr

3+ years exp

NuHarbor Security is a company focused on improving cybersecurity for its clients through a comprehensive suite of security services. They are seeking a Senior Information Assurance Analyst to support a long-term Governance, Risk, and Compliance (GRC) program, working closely with clients and third-party service providers to enhance and operationalize GRC processes.

ConsultingCyber SecurityEnterpriseNetwork SecuritySecurity

Culture & Values

No H1B

U.S. Citizen Only

Responsibilities

Serves as a senior Information Assurance and GRC resource supporting a long-term strategic client engagement

Works directly with client stakeholders and third-party service providers to support ongoing GRC activities, assessments, and operational initiatives

Supports execution and continuous improvement of governance, risk, and compliance processes aligned to NIST principles

Leads application of NIST 800-53 and NIST risk management and assessment principles to identify control gaps and risks, and to develop, prioritize, and manage POA&M-driven remediation and risk reduction strategies

Contributes to refinement of GRC workflows, reporting, and compliance tracking capabilities, and supports operational integration of GRC services across security operations and long-term delivery models

Participates in stakeholder meetings, workshops, and information gathering activities across the client and vendor ecosystem

Owns and develops GRC and security program documentation and artifacts, ensuring ongoing accuracy, consistency, and alignment to program requirements

Synthesizes and communicates risk, compliance, and control information in a clear, actionable, and audience appropriate manner

Qualification

NIST frameworksGRC experienceRisk managementPlans of ActionMilestonesSecurity certificationsServiceNow GRCResearchAnalysisStakeholder collaborationCommunication skills

Required

Bachelor's degree and three (3) years of experience in cybersecurity, information assurance, or risk management roles

In lieu of a degree, an additional two (2) years of experience in a related technology or risk management field and relevant industry certifications are required

At least 2 years of hands-on GRC specific experience supporting risk assessments, security control evaluations, compliance requirements and remediation efforts

Demonstrated expertise applying NIST frameworks and risk management principles to assess control implementation, evaluate risk posture, and identify compliance gaps

Demonstrated experience developing, prioritizing, and managing Plans of Action and Milestones (POA&Ms), including remediation planning and risk reduction activities

Demonstrated experience managing, building, or supporting workflows within a GRC platform, including risk, issue, and remediation tracking

Strong written and verbal communication skills with the ability to translate complex risk, control, and compliance concepts into clear, actionable language

Ability to manage and prioritize multiple concurrent workstreams while maintaining focus on long-term program objectives

Ability to perform effective research and analysis through stakeholder interviews, workshops, and document review

Must be a citizen of the United States

Preferred

Holds at least one industry accepted, relevant certification such as Security+, CISM, CISA, CRISC, CISSP, CCSP

Experience supporting long-term or multi-year client engagements and operating within established service delivery models

Experience working with ServiceNow GRC functionality, including risk management, policy and compliance management, issue and remediation tracking, and reporting workflows

Experience collaborating with different stakeholders and service providers in a multi-vendor or shared-responsibility environment