1

Cybersecurity Governance Risk Compliance Jobs in Reston, VA

Knowledge of cybersecurity governance, risk management principles, and compliance management practices. * Skill in leading and managing cybersecurity teams supporting multiple programs, contracts, or ...

Knowledge of cybersecurity governance, risk management principles, and compliance management practices. * Skill in leading and managing cybersecurity teams supporting multiple programs, contracts, or ...

Argo Cyber Systems is seeking a Program Control Analyst to support cybersecurity governance, risk, compliance, and modernization activities in federal environments. The selected candidate will work ...

Training Specialist

Arlington, VA · On-site

$75K - $95K/yr

Argo Cyber Systems is seeking a Training Specialist to support cybersecurity governance, risk, compliance, and modernization activities in federal environments. The selected candidate will work ...

Argo Cyber Systems is seeking a Program Control Analyst to support cybersecurity governance, risk, compliance, and modernization activities in federal environments. The selected candidate will work ...

Argo Cyber Systems is seeking a Training Specialist to support cybersecurity governance, risk, compliance, and modernization activities in federal environments. The selected candidate will work ...

next page

Showing results 1-20

Cybersecurity Governance Risk Compliance information

See Reston, VA salary details

$23.9K

$118.3K

$156.6K

How much do cybersecurity governance risk compliance jobs pay per year?

As of Jul 17, 2026, the average yearly pay for cybersecurity governance risk compliance in Reston, VA is $118,293.00, according to ZipRecruiter salary data. Most workers in this role earn between $104,000.00 and $134,200.00 per year, depending on experience, location, and employer.

What is the difference between Cybersecurity Governance Risk Compliance vs Cybersecurity Analyst?

AspectCybersecurity Governance Risk ComplianceCybersecurity Analyst
CertificationsCISA, CISSP, CISMCompTIA Security+, CISSP, CEH
Work EnvironmentPolicy development, audits, compliance frameworksMonitoring security systems, incident response
Employer & Industry UsageOrganizations with compliance needs, regulatory bodiesIT security teams, cybersecurity firms

While Cybersecurity Governance Risk Compliance focuses on establishing policies, ensuring regulatory adherence, and managing risks, Cybersecurity Analysts primarily monitor security systems, analyze threats, and respond to incidents. Both roles are essential in a comprehensive cybersecurity strategy but differ in scope and daily responsibilities.

What are the key skills and qualifications needed to thrive as a Cybersecurity Governance, Risk, and Compliance (GRC) professional, and why are they important?

To thrive as a Cybersecurity GRC professional, you need a solid understanding of information security frameworks, risk management principles, and regulatory compliance, often supported by a degree in cybersecurity or related fields. Familiarity with tools like GRC platforms (e.g., Archer, ServiceNow), and certifications such as CISSP, CISM, or CRISC are highly valued. Strong analytical thinking, attention to detail, and effective communication skills help you interpret regulations and collaborate with stakeholders. These skills ensure organizations can manage cybersecurity risks proactively while meeting regulatory and industry standards.

What are some typical challenges faced by professionals in Cybersecurity Governance, Risk, and Compliance (GRC) roles?

Professionals in Cybersecurity GRC roles often navigate the challenge of keeping up with rapidly changing regulatory requirements while ensuring company policies align with both business objectives and security best practices. Balancing the need for robust security controls with operational efficiency, educating non-technical stakeholders about risk, and managing audits are common aspects of the job. Additionally, GRC professionals frequently collaborate with IT, legal, and business teams to ensure a cohesive approach to risk management and compliance. This dynamic environment requires strong communication skills, adaptability, and a commitment to continuous learning.

What is Cybersecurity Governance, Risk, and Compliance (GRC)?

Cybersecurity Governance, Risk, and Compliance (GRC) refers to a framework used by organizations to align their IT and security strategies with business objectives, manage risks, and ensure compliance with laws and regulations. Governance involves setting policies and procedures, risk focuses on identifying and addressing threats, and compliance ensures adherence to required standards. Professionals in this field help organizations protect sensitive data, avoid regulatory penalties, and build trust with stakeholders. GRC is essential for maintaining effective cybersecurity and demonstrating due diligence.
What are popular job titles related to Cybersecurity Governance Risk Compliance jobs in Reston, VA? For Cybersecurity Governance Risk Compliance jobs in Reston, VA, the most frequently searched job titles are:
What job categories do people searching Cybersecurity Governance Risk Compliance jobs in Reston, VA look for? The top searched job categories for Cybersecurity Governance Risk Compliance jobs in Reston, VA are:
What cities near Reston, VA are hiring for Cybersecurity Governance Risk Compliance jobs? Cities near Reston, VA with the most Cybersecurity Governance Risk Compliance job openings:
Infographic showing various Cybersecurity Governance Risk Compliance job openings in Reston, VA as of July 2026, with employment types broken down into 1% As Needed, 82% Full Time, 12% Part Time, 1% Temporary, and 4% Contract. Highlights an 93% Physical, 2% Hybrid, and 5% Remote job distribution, with an average salary of $118,293 per year, or $56.9 per hour.
Information Systems Security Engineer with Security Clearance

Information Systems Security Engineer with Security Clearance

SG2 Recruiting

Arlington, VA • On-site

Other

Posted 9 days ago


Job description

SG2 Recruiting is partnering with Wind RiverX to identify an experienced Information Systems Security Engineer / Manager who thrives at the intersection of cybersecurity, compliance, secure systems engineering, and enterprise governance. You'll be joining a rapidly growing defense technology organization supporting some of the nation's most critical missions. Reporting directly to the Senior Director of Compliance, you'll play an active role in building an enterprise cybersecurity program that enable secure innovation while ensuring compliance with Department of Defense, federal, and international security standards. The ideal candidate has hands-on experience supporting highly regulated organizations—particularly FOCI-mitigated environments—and enjoys working alongside engineering, IT, security, and executive leadership to build scalable cybersecurity programs from the ground up. What You Will Be Doing: Lead Governance, Risk & Compliance (GRC) Developing and maintaining enterprise cybersecurity governance programs
Driving compliance with ISO 27001, NIST 800-171, CMMC, RMF, SOX, GDPR, NIS2, TISAX, and related regulatory frameworksCreating and maintaining cybersecurity policies, standards, procedures, and governance documentation
Developing System Security Plans (SSPs), Electronic Communications Plans (ECPs), and Plans of Action & Milestones (POA&Ms)
Partnering with control owners to manage risks, exceptions, and continuous compliance improvements
Drive Enterprise Security Programs Conducting cybersecurity risk assessments
Monitoring security controls and regulatory compliance
Supporting secure systems architecture and enterprise network security initiatives
Collaborating with engineering teams on secure identity management, authentication, authorization, and access control
Supporting secure cloud and hybrid infrastructure environments
Lead Audit Readiness Preparing the organization for internal audits, customer assessments, and regulatory reviews
Coordinating audit evidence collection across cross-functional teams
Supporting CMMC assessments and RMF accreditation activities
Maintaining audit-ready documentation and cybersecurity artifacts
Strengthen Enterprise Resilience Leading Business Impact Assessments (BIAs)
Maintaining business continuity and disaster recovery programs
Conducting tabletop exercises
Developing cyber incident response and continuity playbooks
Manage Third-Party Cybersecurity Risk Performing vendor cybersecurity assessments
Evaluating supplier security documentation
Tracking remediation activities
Supporting cybersecurity contract reviews and right-to-audit requirements
Strengthening supply chain security posture
Partner Across the Business Collaborating with Architecture, Engineering, Product Security, IT, and executive leadership
Supporting Government Security Committee initiatives
Delivering executive briefings on cybersecurity posture and organizational risk
Promoting cybersecurity awareness and role-based training programs
What You Need: U.S. Citizenship and ability to obtain / maintain a Secret Clearance
Seven (7) or more years of cybersecurity, information assurance, GRC, compliance, or audit experience
Experience supporting DoD contractors, federal agencies, FOCI-mitigated organizations, or other highly regulated environments
Experience developing enterprise cybersecurity governance programs
Experience developing and maintaining SSPs, ECPs, and POA&Ms
Working knowledge of: ISO 2700, NIST 800-171, CMMC, RMF, SOX, GDPR, TISAX
Experience with cybersecurity compliance platforms and GRC tools
Strong technical writing, documentation, and communication skills
Ability to communicate effectively with executives, auditors, customers, and technical teams
Ability to meet with team members in Washington, DC Metro office monthly or as needed.
It's a Plus If You Have This: Active Secret Clearance
Experience supporting FOCI-mitigated organizations
Experience establishing cybersecurity programs for newly formed organizations
Secure enterprise architecture experience
Enterprise networking expertise
SOC, SIEM, and SOAR strategy experience
Vendor Risk Management experience
Supply chain cybersecurity experience
Business continuity and disaster recovery leadership
Technical Operations Center experience
Experience with: Splunk, Nessus Security Center, WebInspect, Xacta, Tanium, Microsoft Azure, AWS/C2S, VMware, Nutanix, PowerShell, SQL Security, STIG compliance, SecDevOps
Professional certifications such as: CISSP, CISM, CISA, CEH, ITIL, CCNP, JNCIA, ISO Lead Auditor
What's In It For You: Join a rapidly growing organization focused on national security innovation
Help shape enterprise cybersecurity strategy from the ground up
Work alongside experienced engineers, architects, and cybersecurity professionals
Influence security architecture supporting next-generation defense technologies
Competitive compensation and comprehensive benefits
Opportunity to make a direct impact on mission-critical U.S. defense programs
About the Company Wind RiverX delivers advanced software and engineering solutions for mission-critical aerospace, defense, and intelligent edge systems, supporting some of the world's most demanding operational environments. As a subsidiary of Wind River, whose software has powered aerospace, autonomous systems, commercial aviation, and defense platforms for more than four decades, Wind RiverX combines proven technical excellence with the speed and agility of a modern defense software company. Working closely with government and industry partners, Wind RiverX develops secure, software-defined solutions that strengthen digital resilience across air, land, sea, cyber, and space domains. The company values collaboration, technical excellence, integrity, and innovation while empowering employees to solve some of the nation's most complex technology challenges.