Title: Senior GRC Analyst Location: Chicago United States Job Description: Description Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. Since 1891, we have provided comprehensive engineering, design, and consulting services for both traditional and renewable power generation, grid modernization, nuclear power, and beyond. Our mission is to help clients achieve their energy goals effectively by leveraging advanced technologies and adopting sustainable practices. Role Overview Sargent & Lundy is seeking a proactive, data-driven, and detail-oriented Senior GRC Analyst to lead key pillars of Governance, Risk, and Compliance (GRC) with a primary emphasis on enterprise Information Security, TPRM, contract governance, and cross-functional coordination with Legal and Procurement. You will own cyber training, communications, and phishing simulations, and drive measurable outcomes through strong data analysis and dashboard reporting (KPIs/KRIs). You will support audit readiness and regulatory alignment across frameworks such as ISO 27001, SOC 2, NIST CSF/171, and CMMC. You will also guide privacy-aligned practices (e.g., GDPR) and lead effective policy implementation through clear procedures, controls, and adoption plans. Essential Responsibilities - Lead and mature the Third-Party Risk Management (TPRM) program: Develop & manage vendors inventory, conduct risk reviews of third-party vendors, define tiering/scoping, evaluate controls, track obligations/findings through closure, and standardize evidence retention in collaboration with Legal and Procurement. - Drive strong contract management with Legal and Procurement: Standardize security and privacy clauses, review S&L client contracts, negotiate requirements, and ensure obligations are tracked, owned, and reported. - Own the security awareness & training program end-to-end: Develop curriculum, coordinate communications, execute phishing simulations, analyze outcomes, and improve effectiveness using KPI/KRI dashboards and trend reporting. - Administer and optimize GRC platforms and workflows (e.g., Hyperproof) to maintain visibility into risks, assessments, findings, and audit deliverables; establish SLAs and performance indicators. - Develop risk management & risk assessment practice, conduct risk assessments, develop and manage risk register with clear tracking of risks and accountability. - Advance security governance by drafting, maintaining, and operationalizing policies, standards, procedures, and roles & responsibilities; lead change management and communications to ensure policy implementation and adoption. - Coordinate evidence and execute control readiness for ISO 27001, SOC 2, NIST CSF, CMMC (gap analysis, control testing, POA&Ms), and support automation that reduces workload. - Support privacy-aligned practices (e.g., GDPR): contribute to data classification/handling standards, data mapping/records of processing, privacy-by-design reviews, incident/breach alignment, and retention practices. - Oversee governance for Business Continuity and Disaster Recovery and Backup & Recovery in partnership with IT (plan maintenance, exercises, lessons learned, reporting). - Lead cross-functional coordination with IT, HR, Finance, Legal, and business teams to embed compliance into operations and accelerate remediation of findings. - Manage security tasks/projects and report progress via standardized dashboards, scorecards, and executive-ready narratives, highlighting risk, performance, and trends. - Define, publish, and automate metrics & management reporting (KPIs/KRIs) for training effectiveness, phishing trends, vendor risk, audit readiness, privacy/policy adoption, and control performance. - Continuously upgrade information security skills, contribute to Information Security team skill development with playbooks, enablement sessions, and knowledge-sharing. - Support government contract compliance reviews and tracking, ensuring obligations are documented, monitored, and evidenced. Core Areas of Responsibility (Scope) - Information Security Governance, Policies, Standards, Procedures, and Roles & Responsibilities. - Risk Management - Information security risk management and risk assessments - Compliance management - Audit evidence management, audit coordination and compliance monitoring - Third Party Risk Management - Third Party Risk Management, Vendor Assessments, Client Contract Reviews and obligation management. - Security Awareness & Training - including communications and phishing simulations: Hoxhunt and Mimecast - Coordination with IT, HR, Finance, Legal, and Business Teams. - Security Tasks/Projects Management. - Metrics & Management Reporting - strong emphasis on data analysis and dashboarding. Information Security Team Skill Development. - Government Contract Compliance Reviews and Tracking. - Deep Knowledge of Governance & Privacy - Policy lifecycle management and control mapping; demonstrated ability to translate policy into procedures/controls and drive organization-wide policy implementation and adoption. - Privacy principles and GDPR-aligned practices (e.g., data classification/handling, data mapping/records of processing, privacy by design, incident/breach communications aligned to policy). - Compliance standards and frameworks (ISO 27001, NIST CSF, SOC 2, CMMC). - Third-party risk, software intake governance, audit readiness, and evidence management. - Security & TPRM Tools - TPRM platforms: ProcessUnity (Vendor Risk, Contract/Obligations, Issues/Findings tracking). - TPRM intelligence/workflow: OneTrust, BitSight (as applicable). - GRC/risk registers: Hyperproof (risk, controls, evidence, audits). - Data analytics and reporting: Power BI and Excel (for KPI/KRI dashboards and executive reporting). - Business Continuity and Disaster Recovery Process Oversight. - Backup & Recovery Process Oversight. - Mentoring, cross functional team collaboration and executive reporting This position offers the flexibility of a hybrid schedule with the expectation of 3 days per week in our downtown Chicago office, and 2 days remote from home. Qualifications Required Qualifications - Bachelor's degree in computer science, information systems, or related field; or equivalent professional experience. - 5+ years in GRC or related domains, including leadership/ownership of programs or workstreams. - Strong understanding of ISO 27001, SOC 2, NIST CSF; experience with CMMC readiness. - Practical knowledge of privacy and GDPR with the ability to implement policy via procedures, controls, communications, and training. - Proven expertise in risk management, compliance operations, policy/standards, vendor risk, resilience, security training/awareness, and audit readiness. - Advanced data analysis skills with the ability to design and maintain KPI/KRI dashboards, translate data into insights, and present executive-ready reporting. - Familiarity with security technologies across on-prem and cloud environments; strong problem-solving and systems thinking. - Professional certifications (e.g., CISSP, CISM, CRISC) are advantageous. Soft Skills - Compassionate Candor: Provide candid, actionable feedback to enhance team performance and individual growth. - Seek to Understand: Embrace curiosity and a commitment to continuous learning, fostering an environment of collaboration and innovation. - We Before Me: Actively collaborate and engage diverse perspectives to ensure collective success. - Do What You Say: Take ownership of commitments, prioritizing and delivering on key initiatives. - Light Up Learning: Encourage bravery in trying new ideas, sharing failures as opportunities for growth and learning. - Driven by Passion: Connect personal passion to the mission, demonstrating resilience in the face of challenges while pursuing organizational goals. Why Join Us? - Work in an established company that values innovation and growth. - Engage with a collaborative team that is dedicated to making a meaningful impact in the energy sector. - Gain exposure to cutting-edge projects and contribute to data-driven decision-making processes. We do not sponsor employees for work authorization in the U.S. for this position. Award-Winning Benefits At Sargent & Lundy, we care about the health and well-being of our employees. Our commitment extends beyond the workplace, offering comprehensive healthcare plans and generous paid time off to support our team members in every aspect of their lives. We understand the importance of work-life balance, which is why we are proud to provide competitive, award-winning benefits. Our dedication to employee satisfaction has earned us the prestigious Top Workplaces Culture Excellence Award for compensation and benefits in 2022, 2023, and 2024. Health & WellnessFinancial BenefitsWork-Life Balance - Health Plans: Medical, Dental, Vision - Life & Accident Insurance - Disability Coverage - Employee Assistance Program (EAP) - Back-Up Daycare - FSA & HSA - 401(k) - Pre-Tax Commuter Account - Merit Scholarship Program - Employee Discount Program - Corporate Charitable Giving Program - Tuition Assistance - First Professional Licensure Bonus - Employee Referral Bonus - Paid Annual Personal/Sick Time (PST) - Paid Vacation - Paid Holidays - Paid Parental Leave - Paid Bereavement Leave - Flexible Work Arrangements Compensation Range $100,010.00 - $144,190.00 Transparency Statement Sargent & Lundy discloses compensation ranges that comply with all local and state regulations. The total compensation package for eligible positions will include a base salary or an hourly rate and a comprehensive benefits package, reflecting our commitment to rewarding performance and supporting the overall well-being of our employees. Individuals may also be eligible to participate in our yearly discretionary bonus. Awards & Recognition Equal Opportunity Sargent & Lundy is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any protected status as defined by applicable law.

Role Description Protect your homeland and defend your culture. Join USCIS, America's frontline defense against illegal foreign infiltration and fraud. This entry-level role requires no college degree and offers up to $50,000 in signing and retention bonuses. If you're driven and ready to serve with pride, join USCIS and become a vital part of homeland security! Qualifications - The qualifications for this position must be met by 11:59 PM (Eastern Time) on 09/29/2026. - Time in Grade does not apply to Delegated Examining Announcements. - This announcement is issued under the Direct Hire Authority to recruit for positions for which the Department of Homeland Security, U.S. Citizenship and Immigration Services, has a critical hiring need. - GS-05: You qualify at the GS-05 level if you possess three (3) years of general experience, one (1) year of which was equivalent to at least the GS-04 level in the federal government, that equipped you with the skills needed to successfully perform the duties of the position. You must have experience performing the following duties: - Analyzing problems, gathering pertinent data and recognizing solutions; - Planning and organizing work to ensure timely completion; - Communicating clearly, both orally and in writing. - OR You may substitute successful completion of a Bachelor's degree or a full 4-year course of study in any field leading to a Bachelor's degree for the experience required at the GS-05 grade level. - GS-07: You qualify at the GS-07 level if you possess one (1) year of specialized experience, which is equivalent to at least the GS-05 level in the federal government, that equipped you with the skills needed to successfully perform the duties of the position. You must have experience performing the following duties: - Performing preliminary examinations of applications and petitions for immigration benefits, evaluating evidence and drafting appropriate correspondence; - Ensuring required supporting documentation is included in application package(s) and applying necessary immigration laws, policies and procedures; - Reviewing immigration benefit applications to determine adjudicative decision. - OR You may substitute successful completion of one year of fulltime graduate education for the experience required at the GS-07 level. - OR You may also substitute superior academic achievement for the experience required at the GS-07 level. Requirements - It is your responsibility to ensure that you submit your responses and appropriate documentation prior to 09/29/2026. - Your resume will be used to determine your qualifications for the position advertised in this announcement. - Limit your resume to no more than two pages. - Be clear and specific when describing your work history. - Your application will be rated and ranked based on your responses to the online questions. - Please ensure EACH work history includes ALL of the following information: - Job Title (include series and grade if Federal Job) - Duties (be specific in describing your duties) - Employer's name and address - Supervisor name and phone number - Start and end dates including month, day and year (e.g. June 18 2007 to April 05 2008) - Start and end dates for each grade/pay level if you've held a federal position. - Full-time or part-time status (include hours worked per week) - Salary - Determining length of General or Specialized Experience is dependent on the above information. - Overstating your qualifications and/or experience in your application materials may result in your removal from consideration. Benefits - Up to $50,000 in signing and retention bonuses.

Position Overview The Cyber Security Analyst IV serves as a senior subject matter expert and program lead for the Governance, Risk, and Compliance (GRC) function supporting federal information systems. This position is responsible for defining RMF strategies, managing risk posture across multiple authorization boundaries and integrating privacy and cloud compliance into enterprise governance frameworks. The analyst provides executive-level insights on compliance performance and authorization readiness. Major Activities (Typical Duties/Responsibilities) - Oversee enterprise GRC and RMF programs, ensuring consistency across multiple system authorizations and enclaves. - Direct the risk management process, ensuring risk identification, quantification and treatment strategies align with federal and agency guidance. - Lead assurance activities, validating that control implementations meet the intent of NIST 800-53 Rev.5 requirements. - Govern SSP and POA&M quality, establishing standards, templates and review checkpoints across systems. - Oversee cloud service provider assessments, ensuring proper inheritance of FedRAMP controls and shared responsibilities. - Provide leadership for privacy and data governance, ensuring integration of PIA activities into RMF documentation. - Develop and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure compliance and risk health. - Drive adoption of GRC automation, Continuous Controls Monitoring (CCM) and compliance analytics. - Serve as primary point of contact during audits, IG reviews and authorization package evaluations. - Mentor analysts and guide cross-functional teams on risk-informed decision-making and RMF optimization. - Perform other duties as appropriate and as assigned. Knowledge/Skills/Abilities - In-depth expertise with NIST 800-37, NIST 800-53 Rev.5, and FISMA implementation. - Proven success managing enterprise risk, assurance, and audit readiness programs. - Knowledge of quantitative risk models (e.g., FAIR, ISO 31000) and risk dashboards. - Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others. - Work independently, as well as on a team and with minimal supervision. - Make decisions, solve problems, and exercise excellent judgment and analytical skills. - Work well under pressure and independently prioritize workload, while working on multiple projects. - Ability to research, organize and analyze technical information with particular attention to accuracy and details. - Excellent written and verbal communication skills; including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills. - Proficient using Microsoft Office products, such as Word, Excel and PowerPoint, and industry-standard computer software and databases. - High degree of sensitivity regarding confidential information. Physical Abilities - Sufficient fine motor skills for the use of computers, calculators with an ability to withstand repetitive keyboarding for extended periods of time. - Visual and communications ability adequate to perform the essential functions of the job. - Ability to kneel, bend and twist at the waist on an occasional basis. - Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion. - Ability to push, pull, carry, and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis. - Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle. Minimum Qualifications - Bachelor’s degree in Cybersecurity, Information Assurance, or a related technical discipline and at least eight (8) years of progressive experience in cybersecurity, including experience leading RMF and FISMA compliance in a federal or contractor environment, or an equivalent combination of education, experience and training. - Ability to pass a background and drug screening. - Must have identification compliant with the Real ID Act at time of hire. - Must be able to obtain Department of Energy access badge. - Must be able to obtain and maintain a U.S. government security clearance. Preferred Qualifications - Experience with enterprise GRC solutions (e.g., RegScale, ServiceNow GRC, Archer, eMASS, or similar). - Expertise in FedRAMP, supply chain risk and vendor assurance. - Demonstrated leadership in cross-domain governance (cyber, privacy and mission systems). - Experience with privacy program implementation and integration. - Relevant certifications such as CISSP, CISM, CRISC, CAP/CGRC, CIPP/US or similar. Pay Range: $110,275.00-$198,468.00/ yearly Benefits: OSC Technical Solutions offers excellent benefits for eligible employees. Benefits include paid holidays, paid time off, 401k with employer match, dental, vision, health insurance plans through the Federal Employee Health Benefits (FEHB) program, as well as life and disability benefits. OSC Technical Solutions does not discriminate, and the company provides equal employment opportunity for all employees and applicants without regard to race, religion, color, sex, gender, sexual orientation, national origin, citizenship status, age, marital status, pregnancy or parenthood, handicap or disability, genetics, veteran status or any other legally protected characteristic. OSC Technical Solutions adheres to all federal, state and local laws regarding equal employment opportunity and will not discriminate against you in violation of these laws. OSC Technical Solutions reserves the right to apply CIRI Shareholder preference to qualified Shareholders in employment and advancement opportunities. OSC Technical Solutions participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. Reasonable Accommodation: OSC Technical Solutions will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with OSC Global, LLC or any of its subsidiaries, please email recruiting@ciri.com. Location United States (Remote) Department Master Infrastructure & Site Services IDIQ Employment Type Active, Full-Time Minimum Experience Experienced Compensation $110,275-$198,468

Position Overview The Cyber Security Analyst III serves as an experienced practitioner within the organization’s GRC program, managing NIST RMF lifecycle activities, conducting risk and control assessments and coordinating assurance and privacy initiatives for federal information systems. The analyst ensures that security documentation, continuous monitoring and remediation efforts meet FISMA and NIST standards, supporting ongoing authorization and compliance maturity. Major Activities (Typical Duties/Responsibilities) - Lead system-level RMF activities, ensuring SSPs, risk assessments and POA&Ms are current and complete. - Conduct independent risk assessments, evaluating the impact and likelihood of findings and recommending mitigation strategies. - Manage POA&M lifecycle, ensuring closure of findings through remediation or documented risk acceptance. - Perform control assurance reviews, validating implementation and effectiveness across control families. - Coordinate cloud and third-party compliance assessments, reviewing FedRAMP packages and continuous monitoring deliverables. - Support privacy compliance, ensuring alignment with NIST privacy requirements. - Generate and present risk and compliance status reports to system owners and cybersecurity leadership. - Provide mentorship and guidance to junior analysts on RMF and GRC documentation standards. - Collaborate across Security, IT and Privacy teams to ensure alignment between operational controls and compliance objectives. - Perform other duties as appropriate and as assigned. Knowledge/Skills/Abilities - Strong working knowledge of NIST 800-37, NIST 800-53 Rev.5 and FISMA implementation. - Ability to produce metrics dashboards and executive compliance reports. - Demonstrated ability to lead risk assessments, control validations and POA&M tracking. - Familiarity with privacy controls, cloud compliance and continuous monitoring. - Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others. - Superior organizational, follow-up and detail-oriented skills. - Strong ability to analyze documents and categorize appropriately. - Ability to maintain accurate records. - Work independently, as well as on a team and with minimal supervision. - Make decisions, solve problems and exercise excellent judgment. - Work well under pressure and independently prioritize workload, while working on multiple projects. - Ability to research, organize and analyze technical information with particular attention to accuracy and detail. - Excellent written and verbal communication skills; including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills. - Proficient using Microsoft Office products, such as Word, Excel and PowerPoint, and industry-standard computer software and databases. - High degree of sensitivity regarding confidential information. Physical Abilities - Sufficient fine motor skills for the use of computers, calculators with an ability to withstand repetitive keyboarding for extended periods of time. - Visual and communications ability adequate to perform the essential functions of the job. - Ability to kneel, bend and twist at the waist on an occasional basis. - Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion. - Ability to push, pull, carry and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis. - Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle. Minimum Qualifications - Bachelor’s degree in Cybersecurity, Information Systems, or related technical discipline and five (5) years of progressive experience in cybersecurity, including experience supporting or leading FISMA RMF compliance or cybersecurity governance functions, or an equivalent combination of experience, education and training. - Ability to pass a background and drug screening. - Must have identification compliant with the Real ID Act at time of hire. - Must be able to obtain Department of Energy access badge. - Must be able to obtain and maintain a U.S. government security clearance. Preferred Qualifications - Proficiency with GRC platforms (e.g., RegScale, ServiceNow GRC, Archer, eMASS or similar). - Experience coordinating FedRAMP Moderate or High inheritance reviews. - Certifications such as CISM, CISA, CAP/CGRC, CRISC or CIPP/US. - Demonstrated success leading cross-functional audit or authorization activities. Pay Range: $89,596-$158,000 Benefits: OSC Technical Solutions offers excellent benefits for eligible employees. Benefits include paid holidays, paid time off, 401k with employer match, dental, vision, health insurance plans through the Federal Employee Health Benefits (FEHB) program, as well as life and disability benefits. OSC Technical Solutions does not discriminate, and the company provides equal employment opportunity for all employees and applicants without regard to race, religion, color, sex, gender, sexual orientation, national origin, citizenship status, age, marital status, pregnancy or parenthood, handicap or disability, genetics, veteran status or any other legally protected characteristic. OSC Technical Solutions adheres to all federal, state and local laws regarding equal employment opportunity and will not discriminate against you in violation of these laws. OSC Technical Solutions reserves the right to apply CIRI Shareholder preference to qualified Shareholders in employment and advancement opportunities. OSC Technical Solutions participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. Reasonable Accommodation: OSC Technical Solutions will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with OSC Global, LLC or any of its subsidiaries, please email recruiting@ciri.com. Location United States (Remote) Department Master Infrastructure & Site Services IDIQ Employment Type Active, Full-Time Minimum Experience Mid-level Compensation $89,596-$158,000