San Antonio, TX, United States

Governance, Risk and Compliance Consultant

Job Description:

Spry Squared is looking for a senior Governance Risk and Compliance Consultant for our client providing support for the Air Force Installation & Mission Control Center (AFIMSC). 

Scope of Responsibilities:

2.1. This is a non-personal service contract to perform duties as the Contractor. The U.S. Government shall neither supervise nor control the method by which the Contractor performs the required tasks herein. These services shall not be used to perform work of a policy/decision-making or management nature (e.g., inherently governmental functions). All decisions relative to programs supported by the Contractor shall be the sole responsibility of the U.S. Government.

The Contractor shall:

2.2. Prioritize attaining and maintaining an Authorization to Operate (ATO) status for the Chaplain Corps Accounting Section (CCAC) current accounting system in the most timely manner possible.

     2.2.1. Demonstrate consistent progress in attaining ATO and avoid any lapse in ATO.

2.3. Conduct comprehensive assessments of the organization's GRC posture, including but not limited to cybersecurity controls, policies, and procedures.

     2.3.1. Evaluate the organization's GRC posture, focusing on cybersecurity controls, policies, and procedures in compliance with Department of Defense, Air Force, and local policies (AFI 17-101, DoD 8510.01, NIST SP 800-53, DoD Cloud Computing Security Requirements Guide, and all other relevant policies).

     2.3.2. Evaluate compliance with designated accounting software and interoperability with network requirements.

          2.3.2.1. Communicate in writing actionable courses of action and/or recommendations to AFIMSC/A37R or their designated representative.

     2.3.3. Identify weaknesses, vulnerabilities, and areas of non-compliance that need to be addressed.

     2.3.4. Conduct thorough assessments to gain a holistic understanding of the organization's GRC landscape.

     2.3.5. Coordinate with SAF/AA, 502 CS, ACC/A6, DISA, and other agencies as required.

     2.3.6. Lead migration of accounting services to cloud-based services as determined by AFIMSC/A37R.

          2.3.6.1. Attain and maintain ATO for new cloud-based accounting system.

     2.3.7. Coordinate with the cloud vendor to ensure the FedRAMP package is in place and controls are inherited.

2.4. Recommend prescriptive strategies to address identified compliance gaps, vulnerabilities, and risks in alignment with industry standards and regulatory requirements.

     2.4.1. Recommend strategies to mitigate compliance gaps, vulnerabilities, and risks in line with DoD and/or AF standards and regulations.

     2.4.2. Develop action plans to address identified issues and ensure alignment with best practices.

     2.4.3. Recommend solutions that enhance the organization's ability to manage and mitigate risks effectively.

2.5. Provide guidance and expertise on the interpretation and application of relevant standards and frameworks, ensuring alignment with organizational objectives and best practices.

     2.5.1. Offer expert advice on interpreting and applying relevant standards and frameworks and identify noncompliance within the organization.

     2.5.2. Provide guidance on aligning governance practices with organizational objectives for improved performance and correction of noncompliance.

2.6. Collaborate with cross-functional teams to design, implement, and maintain effective risk management processes and controls throughout the organization.

     2.6.1. Work closely with teams across different departments to design and implement risk management processes and controls.

     2.6.2. Foster collaboration to ensure that risk management practices are integrated seamlessly into daily operations.

          2.6.2.1. Communicate relevant issues to A37 via staff meetings, electronic communications, direct coordination with CCAC and other directorates as identified by A37R.

     2.6.3. Align risk management efforts with the organization's overall business strategy and goals.

2.7. Assist in the documentation and maintenance of security controls, policies, and procedures, including updates to reflect changes in regulations or emerging threats.

     2.7.1. Document security controls, policies, and procedures to ensure clarity and consistency.

          2.7.1.1. Ensure security of personal identifiable information (PII) and financial information in accordance with established government standards.

          2.7.1.2. Ensure compliance of CCAC systems with DoD/Air Force regulations and local policies.

     2.7.2. Update documentation as needed to reflect changes in regulations or emerging threats.

     2.7.3. Maintain accurate records of compliance activities for audit and reporting purposes.

2.8. Conduct regular reviews and audits to monitor compliance with established frameworks and identify areas for continuous improvement.

     2.8.1. Regularly review and assess compliance with established frameworks and regulations.

     2.8.2. Conduct audits to identify areas for improvement and enhance overall compliance posture.

     2.8.3. Monitor the effectiveness of risk management controls and processes through ongoing evaluation.

2.9. Provide training and knowledge transfer sessions to internal stakeholders on GRC principles, compliance requirements, and risk management best practices to facilitate stakeholders' understanding of their roles in maintaining compliance and managing risks effectively.

Qualifications

REQUIRED QUALIFICATIONS

  • MUST HAVE an active SECRET Clearance.
  • Contractor must attain and maintain International Information System Security Certification (ISC2) Certified in Governance Risk and Compliance (CGRC) or Certified Authorization Professional (CAP) certification, as per the standards outlined by ISC2, and other relevant certifications as specified by higher headquarters. (Note that ISC2 has recently transitioned from CAP to CGRC, and both certifications are considered interchangeable.)
  • Must be proficient in utilizing Enterprise Mission Assurance Support Service (eMASS) and Information Technology Investment Portfolio System (ITIPS), and have demonstrated experience with:
    • Understanding and implementing the Risk Management Framework (RMF).
    • The National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 4 (SP 800-53r4) for security and privacy controls.
    • NIST Special Publication 800-37 Revision 2 (SP 800-37r2) for guidance on applying RMF to federal information systems.
    • NIST Special Publication 800-60 (SP 800-60) for security considerations in the federal information system categorization process.

Additional Information

Pay Range: $100,000 - $150,000 Depending on Experience

All your information will be kept confidential according to EEO guidelines.

Company Description

Spry Squared is a Minority and Woman Owned Small Business headquartered in Colorado Springs, Colorado with offices across the United States of America. We are an experienced federal government and commercial service provider with security cleared personnel working on various projects across the USA and the globe.

Spry Squared provides organizations with Best in Class Enterprise Solutions, Managed IT Services, Cybersecurity Solutions, IT Professional Services, Recruiting Services, Project/Program Management and technology products. We are your strategic partner and value-added reseller, solving complex business challenges by leveraging technology solutions that reduce costs, optimize productivity and minimize risk.