IT Governance, Risk and Compliance (GRC) Analyst

REMT - Remote Worker Location

Secure our Nation, Ignite your Future

The IT Governance, Risk, and Compliance (GRC) Analyst will play a key role in the ongoing planning, design, maintenance and improvement of ManTech's IT GRC program, an integrated system of policies, processes, procedures and standards for Information Security and IT Service Management (ITSM) designed to minimize risk to the organization through compliance with industry standard frameworks and government regulations for Information Security, IT Service Management, and Financial Reporting.


  • Support the planning, design, and implementation of the system to manage IT Governance, Risk, and Compliance with industry standard frameworks and government regulations including CMMC, NIST 800-171, ISO 27001, SOX 404 ITGC, ISO 20000-1, and CMMI-SVC ML3

  • Maintain, monitor, and continually improve the IT GRC system, including management of authority documents, IT policies, controls, control objectives, risk assessments, and status dashboards, and tracking of internal/external audit and assessment findings, risks, issues, and other GRC artifacts

  • Collaborate with key system and process owners to develop, document, and maintain IT policies, standards, processes, procedures, and other documentation to include identifying where processes can be streamlined

  • Prepare for and support internal and external IT and Information Security audits and assessments to include business and IT stakeholder communication and coordination

  • Prepare and present updates to senior IT leadership, including control deficiencies, root cause analysis, and remediation plans

  • Manage and monitor remediation plans/Plans of Action & Milestones (POAMs) required to ensure system and program vulnerabilities and audit findings are resolved by technical teams within required timeframes

  • Collaborate cross-functionally with members of the GRC, Cyber Security Services, and other IT operations and service delivery teams to ensure effective governance and compliance across the Enterprise Information Services organization

  • Monitor and measure the effectiveness of Information Security, ITSM, and IT General Controls to include performing regular analysis and compliance reporting tasks across management systems

  • Perform continual improvement activities to include documenting, implementing, and evaluating opportunities for improvement, and conducting lessons learned sessions

  • Perform ad-hoc special projects as needed

Required Skills and Experience:

  • Bachelor's degree in a related discipline and 5 or more years of relevant experience in Information Technology and/or Information Security OR Associate's degree and 7 or more years of experience OR a High School Diploma/GED and 9 or more years of relevant experience.

  • Knowledge of Governance, Risk, and Compliance frameworks and regulations such as NIST 800 Series, CMMC 2.0, ISO 27001, ISO 20000-1, ITIL, CMMI, SOX 404 ITGC

  • Experience in Information Security and IT compliance audits and assessments

  • Understanding of information security principles and practices

  • Strong analytical and problem-solving skills to identify and assess risks and compliance issues

  • Experience managing needs, requirements, and expectations of stakeholders at all levels

  • Strong project management skills to handle multiple tasks and prioritize effectively

  • Excellent written and verbal communication skills; proven ability to succinctly and accurately articulate information and data, including the skills to communicate effectively with stakeholders at all levels

  • Attention to detail and ability to analyze complex data and information

  • Continuous learning mindset to stay updated with evolving regulations and best practices in GRC

Preferred Skills and Experience:

  • Certifications demonstrating expertise in specific areas of governance, risk, and compliance, as well as understanding of IT and cybersecurity principles and practices (e.g., CISA, CRISC, CISM, CMMC-RP, ISO 27001 and ISO 20000-1 requirements, PMP, ITIL, ServiceNow CSA or CIS)

  • ServiceNow Platform and ITSM analyst experience

  • Experience with ServiceNow GRC and PPM

  • Able to assert own ideas and actively demonstrate influencing skills to persuade others at all levels in the company

Physical Requirements:

  • Must be able to be in a stationary position more than 50% of the time

  • Must be able to communicate, converse, and exchange information with peers and senior personnel

  • Constantly operates a computer and other office productivity machinery

  • The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations

  • The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.

The projected compensation range for this position is $90,200-$149,600. There are differentiating factors that can impact a final salary/hourly rate, including, but not limited to, Contract Wage Determination, relevant work experience, skills and competencies that align to the specified role, geographic location (for remote opportunities), education and certifications, as well as Federal Government Contract Labor categories. In addition, ManTech invests in its employees beyond just compensation. ManTech's benefits offerings include, dependent upon position, Health Insurance, Life Insurance, Paid Time Off, Holiday Pay, Short Term and Long Term Disability, Retirement and Savings, Learning and Development opportunities, wellness programs, as well as other optional benefit elections.

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access as a result of your disability. To request an accommodation please click and provide your name and contact information.
