• Subject Matter Expert II - Governance, Risk & Compliance

    Job Location
    # of Openings
    Security Clearance
    Active Secret
    Percentage of Travel Required
    Regular Full-Time
  • Overview

    Provide daily operational support on all governance and compliance activities, processes, and procedures.


    • Provide support for Security Authorization and Assessment (SA&A) and Privacy Risk Assessment (PRA) within the Agency’s processes, and for Plan of Action and Milestone (POA&M) management for systems
    • Manage and report on all SA&A and risk management artifacts, tools, and system inventory in CSAM repository or Agency-approved risk management system
    • Manage Security and Privacy Controls and Security Requirements Catalog (in accordance with NIST 800-53 R4) that provides specific tailoring of the controls and requirements
    • Maintain all CISO and Privacy owned SA&A documentation and artifacts such as System Security Plans, Privacy Impact Assessments, Contingency Plans, Contingency Plan Tests, Disaster Recovery Plans, etc.
    • Perform risk assessments, develop security baseline, enter POA&Ms, review change requests, and support engineering activities that support remediation activities for projects
    • Maintain the agency’s Cyber Security Assessment and Management system and Risk Assessment (RA) processes
    • Provide input to the agency risk appetite statement, mission level risk appetite statements and other Enterprise Risk Management (ERM) policies and procedures
    • Collaborate with business functions to develop risk profiles and thresholds
    • Monitor mitigation and remediation efforts on significant control deficiencies to ensure appropriate and/or agreed upon corrections
    • Stay abreast of and support compliance with applicable federal regulations and guidelines


    • Education:
      • Bachelor’s Degree preferred
    • Required Knowledge/Experience:
      • Combination of 10 years or more of demonstrated experience and education in Governance and Risk Management required
      • Ability to comprehend, analyze, interpret, communicate and apply government regulations, related principles and practices, and agency instructions, procedures and policies
      • Advanced research, analytical, and problem-solving skills
      • Significant experience in managing multiple priorities independently and/or in a team environment to achieve goals
      • Significant experience in working with all levels of staff, management, stakeholders, and vendors
      • Advanced skill to influence, negotiate, and persuade to reach agreeable exchange and positive outcomes
      • Advanced skill influencing and building consensus with business partners
      • Advanced skill presenting findings, conclusions, alternatives, and information clearly and concisely
    • Preferred Knowledge/Experience:
      • Experience with the Cyber Security Assessment and Management (CSAM) GRC system
      • Experience working with cloud-based systems (e.g. Azure or AWS)
      • Experience derived from working in a structured consulting environment (e.g. big 5)

    Other Responsibilities

    • Perform other tasks consistent with the goals and objectives of the department/contract
    • Perform other duties as assigned by Sr Program Executive

    Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.


    EEO/AA Employer Minorities/Females/Vets/Disability


    Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

