Sr Analyst - ISO Security Governance
Not Disclosed•Full-TimeOn-site
location_onEggplant Alley, Alkali Flat, Sacramento, Sacramento County, California, 95814, United States
About the Role
This position serves as a strategic partner in navigating the complex landscape of Federal and Department of Defense (DoD) security governance. You will act as a bridge between technical security requirements and business objectives, ensuring that organizational policies align with rigorous federal mandates. The role is designed for a seasoned professional who can translate complex NIST verbiage into understandable business terms while driving the enhancement of security posture across shared services and client projects.
In this capacity, you will collaborate closely with Enterprise Information System Security Officers (ISSO), project ISSOs, and Business Development teams. Your work will directly influence how the organization supports Federal and DoD customers, from vendor assessments and annual risk registers to the maintenance of Governance, Risk, and Compliance (GRC) frameworks. You will be instrumental in advising system owners on security policies and recommending enhancements that keep the organization compliant with evolving regulations such as FISMA, CMMC, and FedRAMP.
Hiring Process
Candidates selected for this opportunity will undergo a multi-stage evaluation designed to assess both technical expertise and cultural fit. The process typically includes an initial screening to verify clearance eligibility and experience alignment, followed by a technical deep-dive focusing on security governance and federal frameworks. Subsequent rounds may involve scenario-based discussions on risk analysis and a final interview with key stakeholders to evaluate communication skills and strategic thinking.
Equal Opportunity & Culture
Maximus is an equal opportunity employer committed to building a diverse and inclusive workforce. We evaluate all qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information, or other legally protected characteristics. Our culture values integrity, collaboration, and the ability to work effectively in a fast-paced, deadline-oriented environment.
Accommodations
Maximus is dedicated to providing reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage—including accessing job postings, completing assessments, or participating in interviews—please contact People Operations at applicantaccom@maximus.com.
Work location
Work model: On-site
Eggplant Alley, Alkali Flat, Sacramento, Sacramento County, California, 95814, United States
Sacramento, California
Key Responsibilities
- check_circlePerform complex risk analyses and risk assessments
- check_circleEstablish and satisfy Information Assurance and security requirements
- check_circleAdvise information system owners on security policies and requirements
- check_circleRecommend enhancements to align security policies with Federal and DoD requirements
- check_circleSupport the management of governance activities including vendor assessments and risk registers
- check_circleCollaborate with ISSOs to ensure alignment of organizational governance
- check_circleMaintain and enhance GRC systems and security awareness training programs
Requirements
- verifiedBachelor's Degree in related field
- verified5-7 years of relevant professional experience
- verified7+ years of security governance development and management
- verifiedCISSP, CISM, CISA, or GRC/audit/risk certifications desired
- verifiedExperience with FedRAMP CSOs
- verifiedRMF and A&A experience desired
- verifiedStrong understanding of Federal requirements (Executive Orders, FISMA, FIPS, CMMC, NIST 800-171, 800-53, 800-60, 800-65)
- verifiedExperience with Federal and DoD GRC tools (CFACTS, CSAM, eMASS)
- verifiedExperience mapping policies to security frameworks
- verifiedSkilled in Microsoft Office, Smartsheet, and Lucid
Nice to Have
Certifications like CISSP, CISM, CISA, or GRC / audit or risk certifications. Experience supporting security governance for organizations using FedRAMP'd CSO's as it pertains to system-specific and hybrid controls. RMF and A&A experience.
Benefits & Perks
check_circleHealth insurance coveragecheck_circleLife and disability insurancecheck_circleRetirement savings plancheck_circlePaid holidays and paid time offShort- and long-term incentives