Junior GRC Analyst
Company: US Main
Location: Washington
Posted on: May 8, 2025
Job Description:
Just internship experience is ok.
Is this the role you are looking for? If so, read on for more details, and make sure to apply today.
Someone with an accounting and GRC background, not too technical in terms of using specific software tools.
Job Title: Governance, Risk, and Compliance (GRC) Analyst
Location: Remote / Hybrid (U.S. Citizenship Required)
Clearance Level: Ability to obtain and maintain a U.S. Government security clearance
About the Role:
seeking a detail-oriented and security-minded GRC Analyst to support the development, implementation, and ongoing maintenance of security governance, risk management, and compliance activities across our secure enclave. This role is critical in helping ensure Federal's compliance with frameworks such as NIST 800-171, CMMC, and FedRAMP, while supporting internal audit readiness, policy enforcement, and system lifecycle governance.
Key Responsibilities:
* Maintain and track security control implementation across Federal systems, with a focus on NIST 800-171 and CUI compliance.
* Support the development, review, and enforcement of baseline configurations, security standards, and approved software/website approvals in collaboration with IT operations teams.
* Review system changes submitted through the Change Advisory Board (CAB) and verify alignment with Federal policies and compliance requirements.
* Collaborate with technical teams to ensure compliant (i.e., least privilege, deny-by-default, and allow-by-exception) principles are enforced through tools such as Microsoft Entra ID (Azure AD), Intune, and Tanium.
* Perform periodic risk reviews of contracts, software requests, and requests for privileged accounts.
* Support internal audits, readiness assessments, and documentation reviews related to CUI handling and secure enclave operations.
* Assist in maintaining and enhancing GRC documentation, including policies, procedures, standards, SSPs, POA&Ms, and audit trails.
* Participate in risk assessments, vendor evaluations, and control effectiveness reviews.
* Track corrective actions and ensure timely closure of findings from assessments or internal reviews.
Requirements:
Must Have:
- U.S. Citizenship
- 1-3 years of experience in a GRC, cybersecurity, compliance, or audit-focused role
- Working knowledge of NIST 800-171, CMMC, FedRAMP, or other regulatory/compliance frameworks
- Familiarity with tools such as Microsoft Entra ID (Azure AD), Intune, Tanium, Microsoft Sentinel, and SharePoint
- Strong understanding of change management, access control, and configuration management processes
- Excellent communication, documentation, and collaboration skills
- Ability to analyze technical information and translate it into compliance-focused deliverables
Nice to Have:
- Experience working within a secure enclave or CUI-restricted environment
- Knowledge of CMMC Level 2+ practices
- Experience using GRC platforms or lightweight tracking systems like Microsoft Lists
- CompTIA Security+, CISA, CRISC, CISSP or related certification(s)
- Experience supporting audits, assessments, or incident response investigations
Keywords: US Main, Alexandria, Junior GRC Analyst, Professions, Washington, Virginia