GRC Analyst
Bethesda, MD 
Posted 29 days ago
Job Description
GRC Analyst
Job Locations US-MD-Bethesda
Program: Information Technology
ID: 2024-4271
Category: Information Technology
Position Type: Regular Full-Time
Travel: Up to 10% of the time
Work Arrangements: Hybrid work environment
Overview

Join the HJF Team!

HJF is seeking a Governance, Risk and Compliance (GRC) Analyst to collaborate with process owners, internal assessors, external assessors, external auditors, and other stakeholders to review, monitor, and resolve findings related to Information Technology (IT) and Cybersecurity (CS) compliance. This role involves the design and execution of HJF's compliance program, ensuring adherence to existing and emerging regulations, and contributing to the transformation of the company's IT compliance program.

The Henry M. Jackson Foundation for the Advancement of Military Medicine (HJF) is a nonprofit organization dedicated to advancing military medicine. We serve military, medical, academic and government clients by administering, managing and supporting preeminent scientific programs that benefit members of the armed forces and civilians alike. Since its founding in 1983, HJF has served as a vital link between the military medical community and its federal and private partners. HJF's support and administrative capabilities allow military medical researchers and clinicians to maintain their scientific focus and accomplish their research goals.

Responsibilities
  • Develop and maintain a compliance program, ensuring that enterprise-level security and service management are aligned with business objectives, including applicable laws and regulations.
  • Conduct internal risk and vulnerability assessments, validation testing, compliance reviews, and audits following NIST standards.
  • Assist in the development and maintenance of security policies, standards, and guidelines.
  • Work with GIS to ensure the alignment of security systems with system and organizational processes.
  • Manage and support external assessments and audits associated with IT and CS.
  • Promote widespread implementation of NIST standards (e.g., SP 800-53, SP 800-171, CSF, RMF, etc.).
  • Maintain a central repository for assessment evidence.
  • Inform stakeholders of important concerns and hazards as they pertain to compliance.
  • Collaborate with IT, GIS, HJF business units and Program offices to ensure the alignment of GRC objectives.
  • Stay informed on procedures and industry best practices.
  • Assist in responding to inquiries from business units regarding ongoing operational compliance.
  • Proactively seek areas for improvement and provide valuable advice on process enhancements to the Director of Governance, Risk and Compliance.
  • Other duties as assigned.
Qualifications

Education and Experience

  • Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field is required.
  • 3+ years of direct experience in information security, with a primary focus on risk and compliance, including 3 years of conducting NIST-focused assessments.

Required Knowledge, Skills and Abilities

  • Thorough understanding of market structures and relevant regulatory compliance requirements (ISO 27001, SOC 2, NIST, FedRAMP, CMMC, PCI, GDPR, etc.).
  • Knowledge of identity management standards, storage, and disaster recovery in the cloud.
  • Familiarity with GRC tools, techniques, and best practices (e.g., ZenGRC, OneTrust, Archer).
  • Proven track record of organizing and executing risk and compliance projects.
  • Effective written and verbal communication skills for cross-functional collaboration.
  • Possess strong analytical and problem-solving abilities.

Licenses and Certifications

  • Must be working toward CISSP, CRISC, CGRC, and CISA.

Work Environment

  • This position will take place primarily in an office setting.

Some HJF employees are required to be fully vaccinated against COVID-19. Proof of vaccination or an approved religious or medical accommodation will be required.

Employment with HJF is contingent upon successful completion of a background check, which may include, but is not limited to, contacting your professional references, verification of previous employment, education and credentials, a criminal background check, and a Department of Motor Vehicles (DMV) check if applicable. Any qualifications to be considered as equivalents, in lieu of stated minimums, require the prior approval of the Chief Human Resources Officer.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)


HJF is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

 

Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
3+ years