GRC Risk & Exception Registers Analysts

Who we are

Technuf, LLC is a Maryland based SBA certified 8(a) small business company providing leading-edge and proven technologies, industry vertical domain expertise and highly skilled and motivated professionals to achieve our customers’ mission critical business needs.

What we’re looking for

Technuf is seeking a skilled and experienced GRC Risk & Exception Registers Analysts.

Responsibilities

• The contractors will undertake the responsibility of overseeing the receipt, documentation, data entry, monitoring, and continuous maintenance of information related to risks or exceptions (based on the position) within the program's dedicated risk or exception register (based on the position). This will be facilitated through the utilization of a customized SharePoint list. Additionally, they will be accountable for the prompt and judicious dissemination of relevant data pertaining to risks or exceptions (based on the position) when deemed necessary.
• The contractors shall be tasked with developing and/or updating Power BI visuals, reports, and dashboards with the objective of offering comprehensive insights into the County's risk or exception (based on position) landscape.
• The Contractors will assume a leadership role in organizing, conducting, and documenting discussions related to risks or exceptions (based on position). These discussions will primarily be conducted using MS Teams and will involve participation from fellow GRC team members, departmental points-of-contact, or users (based on position), technology subject matter experts, County management, risk assessors, penetration testers, and auditors.
• The contractors will function as the central liaison, assuming the key role of facilitating education, communication, and ensuring strict compliance with the NIST 800-53 framework of controls, which has been adopted by the County.
• The contractors will be tasked with the responsibility of diligently maintaining procedural documentation, which includes identifying and documenting continuous process improvement recommendations.
• Risk/Exception Register Administration - Administration of the GRC program's risk or exception process (as determined by the position). This includes proficiently managing the input, updating, and closure of records via the appropriate SharePoint customized list-based register as necessary. Furthermore, the contractor will be expected to adeptly upload document artifacts into the designated SharePoint Team site document repository. Effective communication, both in written and verbal forms, will be a central element of this responsibility.
• Program Metrics - Creation and continuous management of Power BI visualizations, dashboards, and reports. These tools will serve to provide a dynamic representation of the current risk landscape, derived from verified and active risk data. This role underscores the importance of presenting accurate and up-to-date risk metrics to support informed decision-making within the program.
• Partner Relationships - Nurture and maintain robust working relationships with third party partners, risk assessors, penetration testers, auditors, and internal County partners. The primary aim is to facilitate the seamless flow of clear, concise, and timely communication, ultimately enhancing collaboration and information-sharing. This role emphasizes the importance of effective stakeholder engagement and productive partnerships in achieving program objectives.
• ServiceNow Tickets – Initiating, processing, communicating, and closing of ServiceNow tickets, as deemed necessary and in alignment with program requirements. This role underscores the importance of efficient ticket management to support operational effectiveness.
• Program Procedures – The continuous maintenance and updating of procedural documentation related to the risk or exception register (as determined by the position). This includes the ongoing identification of potential areas for process improvement. The role emphasizes the importance of maintaining clear and up-to-date procedures that support efficient program operations.

Education

• Bachelor's degree from an accredited college or university.

Experience

• NIST 800-53 – A practical comprehension of the application of the NIST 800-53 set of controls within an organizational context.
• Office 365 Suite of Products – Demonstrated competence in the use of the Office 365 suite of products.
• SharePoint Customized Lists - Working knowledge of editing list columns, creating, and accurately updating list records and uploading document artifacts to the appropriate document folder.
• Power Bi – Basic understanding of creating/maintaining Power Bi visuals, dashboards, and reports.
• Risk Register/Policy Exception Log – Demonstrated competence in maintaining risk registers and/or policy exception logs.

Benefits

We offer a competitive pay and benefits package that includes generous paid-time-off including holidays, short-and-long-term disability; group health insurance including medical, dental and vision coverage, training and 401(k) retirement plan.

Technuf is an Equal Opportunity/Affirmative Action Employer. Members of ethnic minorities, women, special disabled veterans, veterans of the Vietnam-era, recently separated veterans, and other protected veterans, persons of disability and/or persons age 40 and over are encouraged to apply.