1

Grc Risk Analyst Jobs in Washington (NOW HIRING)

Risk Mitigation Specialist

Washington, DC ยท On-site

$111K/yr

Continuously curate, analyze, and maintain risk management-related data in support of Intel ... or GRC/IRM tools. Preferred Qualifications * Master's degree in Business Administration, Public ...

Continuously curate, analyze, and maintain risk management-related data in support of Intel ... or GRC/IRM tools. Preferred Qualifications * Master's degree in Business Administration, Public ...

Sr. Analyst - SCRM

VA ยท On-site +1

$88K - $116K/yr

... GRC, Coupa Risk, or equivalents). - Demonstrated experience performing supplier due diligence (pre-award and periodic), maintaining SCRM risk registers, and driving remediation and exception ...

Continuously curate, analyze, and maintain risk management-related data in support of Intel ... or GRC/IRM tools. Preferred Qualifications * Master's degree in Business Administration, Public ...

Manager, Cyber Risk & Analysis

Mclean, VA ยท On-site

$112K - $151K/yr

Manager, Cyber Risk & Analysis Capital One is one of the fastest growing organizations in the world ... Oversee and direct the organization's GRC initiatives to achieve and maintain compliance with ...

Manager, Cyber Risk & Analysis

Mclean, VA ยท On-site

$112K - $151K/yr

Manager, Cyber Risk & Analysis Capital One is one of the fastest growing organizations in the world ... Oversee and direct the organization's GRC initiatives to achieve and maintain compliance with ...

Conduct risk assessments including Process, Risk & Control (PRC) reviews; coordinate GRC monitoring ... Provide focused analysis on Top 25 SF Servicer performance, monitor CRR Servicing Risk Scores

next page

Showing results 1-20

Grc Risk Analyst information

What is the difference between Grc Risk Analyst vs Compliance Analyst?

AspectGrc Risk AnalystCompliance Analyst
CertificationsISO 31000, FRM, CRISCISO 19600, CCEP, CISA
Work EnvironmentRisk management teams, corporate officesRegulatory departments, corporate offices
Industry UsageFinance, banking, insurance, corporate riskFinancial services, healthcare, manufacturing
Job FocusIdentifying, assessing, and mitigating risks across enterpriseEnsuring compliance with laws and regulations

While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.

What are GRC Risk Analysts?

GRC Risk Analysts are professionals who specialize in Governance, Risk, and Compliance (GRC) within an organization. They assess and manage risks related to business operations, ensure compliance with relevant laws and regulations, and help implement policies and controls to mitigate potential threats. These analysts work closely with management to identify vulnerabilities, develop risk management strategies, and monitor the effectiveness of compliance programs. Their goal is to protect the organization from financial, legal, and reputational harm while supporting business objectives.

What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?

To thrive as a GRC (Governance, Risk, and Compliance) Risk Analyst, you need a solid understanding of risk management principles, regulatory requirements, and compliance frameworks, often supported by a degree in information security, business, or a related field. Familiarity with GRC platforms (such as RSA Archer or MetricStream), risk assessment methodologies, and certifications like CRISC or CISA is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and convey findings to stakeholders. These skills are critical for ensuring organizational compliance, minimizing risk exposure, and supporting informed decision-making.

What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?

A GRC Risk Analyst often encounters challenges such as resistance to change from stakeholders, integrating new frameworks with existing processes, and ensuring consistent understanding across departments. Aligning risk management practices with organizational goals while adhering to regulatory requirements can also be complex. Success in this role requires strong communication skills, adaptability, and the ability to educate and collaborate with team members from diverse backgrounds.
What job categories do people searching Grc Risk Analyst jobs in Washington look for? The top searched job categories for Grc Risk Analyst jobs in Washington are:
What cities in Washington are hiring for Grc Risk Analyst jobs? Cities in Washington with the most Grc Risk Analyst job openings:
Infographic showing various Grc Risk Analyst job openings in Washington as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 82% Full Time, 11% Part Time, 1% Temporary, and 4% Contract. Highlights an 81% Physical, 7% Hybrid, and 12% Remote job distribution.

GRC / NIST RMF Specialist

Apogee Global RMS

Washington, DC โ€ข On-site

Full-time

Re-posted 3 days ago


Job description

Apogee Global RMS is seeking a GRC / NIST RMF Specialist to support federal programs requiring disciplined governance, risk, and compliance execution. This role is built for practitioners who understand the full lifecycle of NIST RMF, can translate controls into actionable engineering guidance, and can partner with federal stakeholders to drive accreditation success.

You will serve as a trusted advisor across security, engineering, and mission teams โ€” ensuring that compliance is not a paperwork exercise but a strategic enabler of secure operations.

What You Will Lead:

  • Full lifecycle NIST RMF execution (Categorization โ†’ Continuous Monitoring)
  • Development and refinement of SSPs, POA&Ms, SARs, and control evidence packages
  • Security control assessments, gap analyses, and remediation planning
  • Advisory support for ATO readiness, audit preparation, and stakeholder coordination
  • Risk analysis and prioritization aligned to mission, system, and organizational impact
  • Collaboration with engineering teams to ensure controls are implemented effectively
  • Continuous monitoring strategy, reporting, and compliance sustainment

Requirements

Certifications:

  • CISA
  • CRISC
  • CISM
  • NIST RMF training (FedVTE or equivalent)
  • ISO 27001 Lead Auditor is a meaningful differentiator, especially for commercialโ€‘adjacent bids

Technical & Functional Expertise:

  • Deep understanding of NIST 800โ€‘53, NIST RMF, and federal security baselines
  • Experience preparing ATO packages and supporting federal accreditation processes
  • Ability to translate compliance requirements into clear, actionable engineering tasks
  • Strong writing and documentation skills for federal audiences
  • Experience working with ISSOs, ISSEs, SCA teams, and federal program leadership

Location & Clearance:

  • Must reside in the NCR (DC/MD/VA)
  • Secret clearance minimum; clearable candidates considered

Expected Skills:

  • Operates with precision, structure, and clarity
  • Understands both the technical and policy sides of federal cybersecurity
  • Can guide teams through complex accreditation processes without friction
  • Communicates confidently with auditors, assessors, and mission stakeholders
  • Thrives in highโ€‘trust, highโ€‘impact advisory environments

Benefits

Why Apogee:

Apogee supports federal programs in this prime engagement where governance and risk decisions directly influence mission readiness. Youโ€™ll work with senior stakeholders, shape compliance strategy, and operate in an environment that values expertise, discipline, and operational excellence.

How to Apply

For any questions (OR) to apply, please contact us at careers@apogeeglobalrms.com.