Governance, Risk, and Compliance (GRC) Functional Lead

Tysons, VA, United States

Logistics Management Institute

LMI provides advanced technology solutions, delivering innovative tech and consulting services for government agencies. Learn about our integrated solutions.

Overview

LMI is seeking a senior Governance, Risk, and Compliance (GRC) Lead to support LMI’s Office of the Chief Information Security Officer (OCISO), working on a flexible, hybrid schedule from our Headquarters office in Tysons Corner, VA. This position will work collaboratively with the Chief Information Security Officer (CISO), Information Technology (IT), Cybersecurity Team, project teams, and business stakeholders to ensure cohesive success across LMI.

Responsibilities

The GRC Lead will be responsible for delivering all GRC-related functions in compliance with CMMC/NIST 800-171, ISO 27001, and other frameworks, and developing strategy and methodologies for success. This position will provide advice and guidance across LMI for GRC-related initiatives. The GRC Lead will provide risk management by assessing risk from system changes, new projects, vulnerabilities, and throughout the System Development Life Cycle (SDLC). The GRC Lead will prepare risk management recommendations for the CISO’s approval and work collaboratively with other technical staff to develop technical mitigations and requirements/solution development. The GRC Lead will manage continuous monitoring by ensuring all routine and scheduled continuous assessment activities are occurring through technical, manual, and automated means. This position will also utilize our GRC platform to manage/maintain control status, upload artifacts, and produce reporting. The GRC Lead will draft and maintain currency of all policies and ensure procedures, processes, and other documentation are current, accurate, high-quality, and acceptable for compliance and risk. The GRC Lead may support Privacy and Export Control areas.

This position will also perform other related duties, as assigned.

Qualifications

  • Able to attain and maintain US Secret clearance
  • Currently holds active CISSP, CISM, GSLC, C|CISO certification, or similar senior-level, GRC-related certification
  • Additional related certifications, such as PMP, CEH, CIPP, SANS, technology-specific, or others, preferred
  • Excellent verbal and written communications skills
  • Master’s degree; or Bachelor’s degree with commensurate years of experience
  • 10 years of experience as an ISSO, ISSM, or Security Controls Assessor in a Federal environment under NIST 800-53 and NIST Risk Management Framework
  • Experience successfully supporting a corporate security environment under ISO 27001, ISO 20000, ISO 9001, COBIT, COSO, or similar industrial frameworks
  • Successful in highly collaborative work environments
  • Successful experience in a team lead, supervisor, or manager role preferred
  • Successful experience using GRC tools to manage compliance, perform self-assessments or audits, upload artifacts, and perform continuous monitoring
  • Experience performing risk assessments on changes, vulnerabilities, new systems/projects, data governance, and
  • Experience participating in Change Management Boards, Architecture Review Boards, Change Advisory Boards, or similar change management teams
  • Experience providing GRC functions with Controlled Unclassified Information (CUI)
  • Experience providing GRC functions with Privacy frameworks, i.e., Privacy Act of 1974, Health Insurance Portability and Accountability Act (HIPAA)

Tags: Audits C CEH CIPP CISM CISO CISSP Clearance CMMC COBIT Compliance Governance GSLC HIPAA Industrial ISO 27001 Monitoring NIST NIST 800-53 Privacy Risk assessment Risk management RMF SANS SDLC Strategy Vulnerabilities

Perks/benefits: Flex hours

Region: North America
Country: United States
