Governance, Risk, and Compliance (GRC) Specialist - Contingent jobs in United States
cer-icon
Apply on Employer Site
company-logo

Aretum ยท 2 days ago

Governance, Risk, and Compliance (GRC) Specialist - Contingent

positionWashington, District of Columbia, United States
timeFull-time
remoteHybrid
seniorityMid Level

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to customers across defense, civilian, and homeland security sectors. The GRC Specialist supports federal cybersecurity governance, risk management, and compliance activities by implementing and maintaining an effective risk program aligned with FISMA and the NIST Risk Management Framework (RMF).

ConsultingInformation Technology
check
Growth OpportunitiesbadNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Support governance and compliance activities aligned to FISMA and agency cybersecurity requirements, including maintaining documentation and reporting support where applicable
Execute RMF-aligned risk activities across the system lifecycle, including control selection support, implementation validation, and ongoing continuous monitoring
Maintain and update authorization/compliance artifacts (as required by the environment), such as security plans and supporting evidence, ensuring documentation is accurate and audit-ready
Assist with security control assessment coordination by preparing artifacts, mapping evidence to controls, tracking assessment activities, and supporting remediation planning (Assessment methods and procedures are commonly aligned to NIST 800-53A practices)
Develop, manage, and track POA&Ms and remediation actions; collect and validate closure evidence and support risk acceptance processes as needed
Demonstrate and apply working knowledge of network design concepts and partner with technical teams to validate secure configurations and identify weaknesses
Support vulnerability management and security testing coordination for government systems to identify and document vulnerabilities, validate severity/impact, and track mitigation to completion
Support project management activities including work planning, task tracking, stakeholder coordination, meeting facilitation, and status reporting for GRC deliverables
Contribute to policy/standard development and continuous improvement initiatives for governance and risk processes using NIST-aligned control frameworks

Qualification

FISMA complianceNIST Risk Management FrameworkSecurity control assessmentVulnerability managementNetwork design conceptsProject managementDocumentation managementStakeholder coordinationContinuous improvement

Required

Public Trust Eligibility Required
Support governance and compliance activities aligned to FISMA and agency cybersecurity requirements, including maintaining documentation and reporting support where applicable
Execute RMF-aligned risk activities across the system lifecycle, including control selection support, implementation validation, and ongoing continuous monitoring
Maintain and update authorization/compliance artifacts (as required by the environment), such as security plans and supporting evidence, ensuring documentation is accurate and audit-ready
Assist with security control assessment coordination by preparing artifacts, mapping evidence to controls, tracking assessment activities, and supporting remediation planning (Assessment methods and procedures are commonly aligned to NIST 800-53A practices)
Develop, manage, and track POA&Ms and remediation actions; collect and validate closure evidence and support risk acceptance processes as needed
Demonstrate and apply working knowledge of network design concepts and partner with technical teams to validate secure configurations and identify weaknesses
Support vulnerability management and security testing coordination for government systems to identify and document vulnerabilities, validate severity/impact, and track mitigation to completion
Support project management activities including work planning, task tracking, stakeholder coordination, meeting facilitation, and status reporting for GRC deliverables
Contribute to policy/standard development and continuous improvement initiatives for governance and risk processes using NIST-aligned control frameworks

Company

Aretum

twittertwitter
company-logo
ARETUM is a government contracting company specializing in technology-enabled mission support services for the Department of Defense.
dateFounded in 2023
location
Bethesda, Maryland, USA
people-size501-1000 employees
web-link
https://www.aretum.com

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Bobby Frazitta
Vice President of People
linkedin
leader-logo
Tiffany Bailey
Executive Vice President
linkedin

Recent News

Washington Technology
Aretum returns to M&A with Veterans Engineering purchase
2025-12-13
Venture Capital
Aretum Bolsters Federal Technology Offerings Through Acquisition of Veterans Engineering
2025-12-13
PE Hub
Renovus-backed Artetum picks up govtech firm Veterans Engineering
2025-12-11
Company data provided by crunchbase