Nist Jobs (NOW HIRING)

Nist salary information (salary widget values): $43K, $99.4K, $150K

How much do nist jobs pay per year?

As of Jun 9, 2026, the average yearly pay for nist in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

What are NIST professionals and what do they do?

NIST professionals are experts who work for the National Institute of Standards and Technology, a U.S. federal agency that develops technology, metrics, and standards to promote innovation and industrial competitiveness. Their work covers a wide range of fields including cybersecurity, engineering, physical sciences, and information technology. NIST professionals conduct research, create standards, and provide guidance to improve the security, quality, and efficiency of products and services in both the public and private sectors.

What are the key skills and qualifications needed to thrive as a NIST (National Institute of Standards and Technology) professional, and why are they important?

To excel as a professional at NIST, you need a strong background in science or engineering, often supported by an advanced degree in a relevant technical field. Familiarity with specialized laboratory equipment, data analysis software, and quality management systems such as ISO/IEC standards is typically required. Critical thinking, attention to detail, and effective teamwork are important soft skills that help drive research accuracy and collaborative innovation. These skills are crucial for advancing measurement science, ensuring rigorous standards, and supporting technological progress across industries.

What are some common challenges faced by NIST cybersecurity professionals when implementing new security frameworks in an organization?

NIST cybersecurity professionals often encounter challenges such as gaining organizational buy-in for new security frameworks, ensuring that existing systems are compatible with the latest NIST standards, and managing the complexities of compliance across multiple departments. Additionally, balancing thorough risk assessments with tight project timelines can be demanding. Collaborating closely with IT, compliance, and executive teams is essential to address these challenges and to ensure successful framework implementation.

What is the difference between Nist vs Cybersecurity Analyst?

| Aspect | Nist | Cybersecurity Analyst |
|---|---|---|
| Certifications | Typically no specific certifications required, but familiarity with NIST frameworks is essential | Often requires certifications like CompTIA Security+, CISSP, or CEH |
| Work Environment | Develops and maintains cybersecurity standards and frameworks for organizations | Monitors, analyzes, and responds to security threats within organizations |
| Industry Usage | Used across industries for cybersecurity best practices and compliance | Employed in various sectors to protect information systems |
| Primary Focus | Creating and implementing cybersecurity standards based on NIST guidelines | Detecting and mitigating security incidents and vulnerabilities |

While NIST focuses on developing cybersecurity standards and frameworks, a Cybersecurity Analyst applies these standards in practical security operations. Both roles are essential in maintaining organizational cybersecurity, with NIST providing the foundational guidelines and the analyst executing security measures based on those guidelines.

More about Nist jobs
Infographic (May 2026) of Nist job openings in the United States: employment types broken down into 96% Full Time, 1% Part Time, and 3% Contract; a 77% Physical, 7% Hybrid, and 16% Remote job distribution; average salary of $99,400 per year, or $47.8 per hour.
Information Security GRC Engineer (OneTrust / NIST)

Prolim Global

Plano, TX • On-site

Contractor

Posted 6 days ago

Job description

Information Security GRC Engineer (OneTrust / NIST)

Plano, Texas (Hybrid)

Description

We are seeking a hands‑on GRC Engineer & Risk Analytics professional who will implement and scale a NIST‑aligned control and risk framework in OneTrust while also conducting targeted risk and control assessments to validate design and operating effectiveness. You will connect process, data, and automation so department leaders can see—and reduce—risk in near‑real time through role‑based dashboards and scorecards. You’ll partner with Security Engineering, IT, Audit, and business control owners to streamline assessments, evidence collection, POA&M tracking, and reporting.

Focus split: approximately 70% OneTrust configuration, integrations, data modeling, and dashboards; approximately 30% targeted assessments and facilitation.

Module ownership on Day 1: OneTrust Integrated Risk Management (IRM) and Third‑Party Risk Management (TPRM).

What you’ll be doing

  • Model the control framework in OneTrust: map NIST CSF and NIST 800‑53 control families, control objectives, test procedures, evidence types, and ownership.
  • Configure assessment templates (application/infrastructure, inherent/residual risk, third‑party due diligence, control attestations) with automated workflows, notifications, and approvals.
  • Stand up a POA&M lifecycle (defect creation, risk acceptance, due dates, escalations, verifications) and connect to tickets for remediation traceability.
  • Build role‑based dashboards and departmental scorecards that surface KRIs/KPIs (e.g., control coverage, overdue actions, risk heatmaps, SLA adherence).
  • Establish data taxonomy and metadata (assets, business processes, data classifications) aligned to controls and obligations to support consistent analytics.
  • Own the end‑to‑end third‑party risk workflow in OneTrust: inherent risk profiling, tiering, questionnaire selection, and residual risk calculation.
  • Design and maintain due‑diligence questionnaires and control attestations; streamline evidence collection and follow‑ups via automated reminders and SLAs.
  • Track remediation and POA&Ms for vendors; manage risk acceptances, exceptions, and expirations with clear ownership and timelines.
  • Publish vendor scorecards and portfolio‑level insights for department leaders; highlight concentration risk, critical suppliers, and overdue actions.
  • Integrate TPRM data with IRM objects (assets, processes, controls) to show end‑to‑end exposure and dependencies.
  • Integrate OneTrust with the CMDB and risk reporting platforms to auto‑enrich risks, controls, and assets.
  • Define data quality rules and reconciliation checks; implement connectors or API jobs to keep dashboards near‑real‑time and reduce manual evidence collection.
  • Partner with Analytics to publish curated Power BI datasets for executives and technical teams.
  • Conduct spot assessments and control testing to validate design and operating effectiveness and calibrate automation.
  • Translate FFIEC/GLBA/SOX and policy requirements into measurable controls and department‑owned obligations; document rationales and residual risk.
  • Facilitate remediation planning with control owners; track POA&Ms and risk acceptances to closure with clear RACI and deadlines.
  • Create playbooks, test scripts, and user guides; run enablement sessions for control owners and assessors to drive adoption.

What you’ll deliver in the first 6–12 months:

  • A fully modeled NIST-aligned control catalog in OneTrust IRM and TPRM, complete with owners, testing procedures, evidence, and mapped obligations.
  • 3–5 data integrations operational (for instance, CMDB, Archer, Posture Management) enabling automated evidence and asset-to-control mapping.
  • Departmental scorecards along with an executive dashboard (showing trendlines, heatmaps, top risks, overdue actions, and risk reduction by department).
  • Enhanced assessment throughput with a reduced cycle time (targeting a 30–40% improvement from baseline).
  • Improved on-time completion of POA&M (targeting an increase of 20–30%) with a decrease in repeat findings through structured root-cause identification.
  • Published and operational governance framework artifacts (including a governance calendar, defined roles, training materials, and standard operating procedures).

Requirements

• 5+ years hands‑on experience implementing/administering GRC platforms (OneTrust preferred; Archer/ServiceNow GRC acceptable with commitment to OneTrust ramp‑up).

• Working knowledge of NIST CSF and NIST 800‑53 and how to translate obligations into measurable controls and tests.

• Experience configuring questionnaires, workflows, object models, APIs, and building role‑based dashboards.

• Data skills in Power BI, SQL, or Python for data prep/transformations that feed analytics.

• Ability to tell the risk story—translate technical signal into business‑relevant insights for department leaders.

• Bachelor’s degree or equivalent practical experience.

Added bonus if you have

• OneTrust GRC/IRM certifications; CRISC, CISA, or CISSP.

• Prior integrations with ServiceNow, Jira, SailPoint/IDP, Qualys/Tenable, or cloud platforms (AWS/Azure).

• Experience setting up control attestation/evidence automation and KRI/KPI scorecards across business units.

• Background in financial services or familiarity with FFIEC/GLBA/SOX supervisory expectations.