Governance Risk Compliance Analyst

job
  • Dine Development Corporation
Job Summary
Location: Washington, DC 20011
Job Type: Contract
Visa: Any Valid Visa
Salary: PayRate
Qualification: BCA
Experience: 2 Years - 10 Years
Posted: 17 Sep 2024
Job Description
Job Summary:

NOVA-Dine is seeking a Governance Risk Compliance Analyst to join their growing team! The candidate will proactively review, update, and maintain cybersecurity policy, guidance documents, directives, templates, and materials to ensure all documentation reflects and incorporates the most recent version of all Government cybersecurity program documentation.

*This position is dependent upon position award*

Job Duties and Responsibilities:

With direction, the candidate will provide cybersecurity and privacy requirements and guidance, including, but not limited to, the following:
  • Provide a qualified and stable workforce, submitting pre-vetted and completed Security Clearance Package for all proposed personnel.
  • Provide meeting support and documentation, e.g., provide administrative and technical support for meetings, as required; coordinate scheduling and meeting notifications including the preparation of briefing slides, agendas, handouts, and other supplementary materials; prepare and distribute meeting minutes including action items/tasking/due outs and responsibility matrix for all meetings with the Government; have all action items clearly delineated with due dates and task owners.
  • Facilitate a Monthly status meeting.
  • Provide a Monthly Status Report (MSR).
  • Develop, edit, format, and modify cybersecurity documentation, including policies, standards, procedures, user manuals, and other related materials, ensuring consistency in formatting, language, and structure across all documentation.
  • Provide a gap analysis, with recommendations for improvement, of existing cybersecurity policies, handbooks, standards, and procedures, and recommend disposition (i.e., continued use as is, needs revision, or rescind).
  • Perform Cybersecurity Assessment and Management (CSAM) inventory review and update plan with schedule monthly.
  • Report Authority To Operate (ATO) packages to the Government as required.
  • Conduct Supply Chain Risk Assessments, ensuring that IT Checklists are properly vetted to meet data security requirements. This process should be integrated into the overall risk management framework and should inform the development and updating of cybersecurity policies and procedures.
  • Report Government risk metrics to the Risk Register on a monthly basis based on the deliverables schedule.
  • Provide demonstrated subject matter expertise in CSAM performing the following tasks:
      • Review security assessments and upload relevant documentation to CSAM.
      • Manage Plans of Action and Milestones (POA&Ms), including creating POA&M reports.
      • Develop CSAM administration skills, manage user accounts, and provide 1-on-1 training to users.
      • Generate reports and ensure CSAM compliance.
      • Collaborate with stakeholders, including Information System Security Officers (ISSOs), to update data in CSAM.
  • Work closely with all relevant stakeholders to complete data calls and gather necessary information for the development, review, and updating of cybersecurity documentation. This may involve coordinating with various teams, conducting interviews, and collecting data from multiple sources.
  • Manage SharePoint Cyber Security Team Folders performing the following tasks:
      • Maintain and organize the SharePoint folders for the Cyber Security Team's Governance, Risk, and Compliance (GRC) documentation.
      • Ensure proper access controls and permissions are set for the relevant stakeholders.
      • Implement a folder structure and naming conventions that facilitate easy navigation and retrieval of documents.
      • Regularly review and archive outdated or obsolete documents to keep the folders organized and up to date.
  • Have demonstrated understanding of Government standards, requirements, and guidance from entities including but not limited to Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), Office of Management and Budget (OMB).
  • Have proven experience in writing formal reports with minimal errors and performing research, documenting findings, performing analysis, and making recommendations based on research.
  • Have comprehensive knowledge of developing, editing, formatting, and modifying cybersecurity documentation, including policies, standards, procedures, user manuals, and other related materials, ensuring consistency in formatting, language, and structure across all documentation.
  • Other duties as assigned.


Job Requirements (Education/Skills/Experience):

Education: BS/BA in appropriate field (or equivalent)

Experience: 6+ years of CyberSecurity Asset Management (CSAM) experience

Certifications: CGRC Certification, minimum

Clearance: Public Trust - Must have ability to obtain

Work Schedule: Minimum of three (3) days per work week on site.

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC's ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.
