TSS Governance, Risk, and Compliance (GRC) Sr. Advisor

Clearance Level
Information Security
Remote, Based in Tennessee

REQ#: RQ88475

Travel Required: Less than 10%
Public Trust: None
Requisition Type: Regular
  • The ability to develop, document and implement business processes and/or procedures.

  • Requires highly effective communication and interpersonal communication skills. Must be able to conduct briefings and correctly interpret security control verbiage.

  • Requires strong analytic and problem-solving skills and the ability to adapt to a changing environment.

  • Must be able to identify and, if necessary, modify proposed recommendations that effectively address business and control needs.

  • The ability to train and guide others in this area is a plus.

  • Has expertise with FISMA, OMB, NIST, Federal Government or private sector security certification requirements. Understands IT Security and Privacy compliance issues.

  • Leads the execution efforts of all ATO-related activities for a given information system and develops all supporting documentation for that system.

  • Has an advanced understanding of information systems and architectures.

  • Has the ability to work across multiple projects simultaneously.

  • Has expertise with several security platforms, including but not limited to firewalls, intrusion detection systems, two-factor authentication systems, antivirus systems, secure email gateway appliances, web filtering proxy, security information and event management (SIEM) platforms, data-loss prevention, vulnerability detection & remediation, content filtering and identity & access management.

  • Demonstrates expertise in designing secure networks, systems, & application architectures; in disaster recovery technologies & methods; in planning, researching, & developing security policies, standards & procedures; in system administration activities; and in supporting multiple platforms and applications.

  • Demonstrates expertise with cloud Platform-as-a-Service (PaaS) and security testing tools.

  • Conducts regular assessments of continuous monitoring activities and the security controls that have been implemented to support those activities.

  • Demonstrates an understanding of vulnerability management; specifically, how to respond to vulnerability reports and which remediation actions are appropriate to take.

  • Understands the process of information system categorization and how to use that process to select security controls to create system and accreditation documentation.

  • Maintains knowledge of relevant network and security technologies and trends.


  • BA/BS (or equivalent experience) and 10+ years of experience in Information Security, IT Assurance, IT Governance, Risk Management and/or Cyber Engineering.

  • Requires two or more of the following governance, risk, assurance or security certifications: CISSP, CRMA, CGEIT, CRISC, CISM, CISA, CBCP, GIAC, CompTIA Security+ or related governance certifications.

  • US Citizenship to obtain clearance


  • Full-flex work week

  • 401K with company match

  • Internal mobility team dedicated to helping you own your career

  • Collaborative teams of highly motivated critical thinkers and innovators

  • Ability to make a real impact on the world around you

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.