Cybersecurity Risk Analyst (GRC)

TL;DR

Cybersecurity Risk Analyst (GRC): Managing unclassified information system risk and compliance efforts with an accent on DFARS and CMMC regulatory requirements. Focus on conducting gap assessments, developing remediation plans, and performing continuous monitoring of security controls.

Location: Cambridge, MA. Must be able to obtain and maintain a government Secret clearance.

Salary: $82,300 - $220,000

Company

hirify.global is an independent, nonprofit research and development company focused on solving national challenges in military defense, space exploration, and biomedical engineering.

What you will do

• Lead CMMC compliance and certification efforts, including gap assessments and remediation plans.
• Serve as a subject matter expert for frameworks including NIST SP 800-171/53, DAAPM, and RMF.
• Provide technical risk guidance for cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives.
• Perform risk assessments and vulnerability analysis using ServiceNow IRM, Nessus, and Splunk.
• Develop and promote enterprise-wide processes for analyzing and assessing cybersecurity risks.
• Deliver risk posture and compliance reports to executive leadership.

Requirements

• Bachelor's degree in Information Systems, Cybersecurity, or a related field.
• 4+ years of experience in cybersecurity and IT, specifically in compliance and risk management roles.
• Strong working knowledge of NIST SP 800-171, NIST SP 800-53, CMMC, and FedRAMP.
• Experience developing System Security Plans (SSP), POA&Ms, and Risk Assessment Reports.
• Ability to obtain and maintain a US government Secret security clearance.

Culture & Benefits

• Support for work-life balance through workplace flexibility.
• Employee clubs (e.g., photography, yoga) and off-site social events.
• Professional development via health and finance workshops.
• Discounts to local museums and cultural activities.