Job Closed
This listing is no longer active.
Cyber Security Analyst
Location: Virginia
Posted: 65 days ago
Salary: $103K - $118K / year
Seniority: Lead
Job Description
Cyber Security Analyst
Trilogy Federal
- Perform ongoing vulnerability scanning, penetration testing, code review, and remediation in line with NIST SP 800-53 and related standards.
- Develop, document, review, and maintain Assessment & Authorization (A&A) artifacts, including security plans, risk assessments, and Plan of Action and Milestones (POA&M), supporting ATO submissions and renewals.
- Respond to, analyze, and report on security events and incidents, including notification to stakeholders within strict timeframes. Remediate security vulnerabilities within specified periods according to severity.
- Ensure compliance with Federal, VA, FISMA, NIST, HIPAA, Privacy Act, and organizational security and privacy directives.
- Complete mandatory and additional annual privacy and security training as required.
- Coordinate with VA technical staff, ISSOs, and integration teams to ensure proper migration, deployment, and operational support for new or updated systems.
- Provide support for the implementation of security controls on operating systems, application code, network infrastructure, and endpoints. Participate in audits and assessments, and provide evidence of compliance as requested.
- Monitor, track, and report on key security KPIs including vulnerability remediation timeframes, incident resolution metrics, and system security posture.
- Proactively apply OS and application patches; validate and report the effect of third-party patches.
- Develop and maintain robust operational and incident response documentation, participate in after-action reviews, and contribute to lessons learned for continuous process improvement.
Job Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related discipline; equivalent practical experience may be considered.
- Minimum of 10 years of progressive experience in cyber security operations, risk assessment, vulnerability management, or information security compliance.
- Demonstrated knowledge of and experience with relevant federal cybersecurity standards.
- Experience conducting and reporting on vulnerability assessments, penetration testing, and security control testing.
- Familiarity with security tools including but not limited to Static Application Security Testing (SAST) tools (e.g., Micro Focus Fortify), penetration testing suites, SIEM/monitoring platforms.
- Experience supporting ATO and A&A processes, and maintaining compliance documentation in regulated environments.
- Understanding of DevSecOps practices and principles; collaborative experience with development, operations, and compliance teams.
- Ability to manage multiple applications.
- Ability to obtain a Public Trust Clearance.
Benefits
- Health, dental, and vision plans
- Optional FSA
- Paid parental leave
- Safe Harbor 401(k) with employer contributions 100% vested from day 1
- Paid time off and 11 paid holidays
- No cost group term life/AD&D plan, and optional supplemental coverage
- Pet insurance
- Monthly phone and internet stipend
- Tuition and training reimbursement
More Security Analyst Jobs
GRC Analyst
Marco Technologies
This is a remote-eligible position; however, Marco Technologies requires employees to reside within one of the following states: DE, FL, IA, IL, IN, KY, MD, MI, MN, MO, ME, NE, ND, NJ, PA, RI, SD, TX, WI.
Role Description
As a GRC Analyst, you will support the risk management program and related processes across all aspects for the business. The GRC Analyst is responsible for assisting the Risk Manager with the day-to-day tasks of the risk management program, including compliance monitoring reviews and other key initiatives.
- Coordinate and conduct periodic audits of internal controls, focusing on regulated client industries to ensure compliance.
- Understand and maintain proficiency with:
  - NIST 800-171
  - NIST 800-53
  - NIST Cybersecurity Framework (CSF)
  - Service Organization Controls (SOC) 2 for Service Organizations: Trust Services Criteria
- Conduct internal control audits and monitoring of security controls, configuration standards, and procedures.
- Provide management with reporting results and metrics. Track remediation efforts and provide guidance regarding process and control gaps.
- Implement new processes and procedures to align with control frameworks.
- Perform recurring risk analysis on vendors, audit results, vulnerability testing, and security assessments to identify security issues.
- Assist with and participate in updates, testing, remediation, and planning for:
  - Security Policy
  - Business Continuity Plan
  - Disaster Recovery Plan
  - Incident Response Plan
- Ensure documents align with industry standards and business process changes.
- Interface with customers to prepare information request responses regarding policies, procedures, compliance standards, etc.
- Maintain control and risk registers and provide guidance to owners.
- Assist with the creation and administration of security awareness programs and educational efforts. Track employee compliance.
- Compile data and prepare reports for management, security leadership team, and security team.
- Accurately maintain and comply with documentation, communication, time entry, and administrative procedures in a timely manner.
Qualifications
- Bachelor’s degree in business or technology related fields and three years’ experience in information security, risk management, audit, or compliance; or an equivalent combination of education and experience.
Requirements
- Knowledge of basic cybersecurity principles.
- Knowledge and understanding of NIST 800-171 and NIST 800-53 frameworks.
- Knowledge or experience with data privacy laws, CJIS, CMMC or other similar regulations preferred but not required.
- Ability to apply an organization's goals and objectives to develop and maintain architecture.
- Proficiency with business collaboration tools such as Office applications.
- Demonstrates attention to detail.
- Effective organizational and time/task management skills.
- Ability to prioritize responsibilities and to operate with changing priorities; Strong ability to exercise independent judgment.
- Self-starter with the ability to perform with little or no direct supervision.
- Excellent communication skills in working with technical and non-technical people and the ability to develop and maintain collaborative relations among all levels of an organization.
- Treats people with respect; works with integrity and ethically; upholds organizational values.
- Follows policies and procedures; Completes administrative tasks correctly and on time; Supports organization's goals and values.
- Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.
Benefits
- Pay Range: $63,256 - $98,047 annually
- The pay range listed for this position is based on candidate's skill level, experience, relevant licenses, and educational background.
- For detailed information about our benefits, please visit our careers page at www.marconet.com/careers.
Security Analyst
blueAPACHE
blueAPACHE is based on the idea that people should have secure and efficient access to their systems wherever they are.
- The Security Analyst Level 1 is responsible for monitoring, analyzing, and responding to security incidents and events to protect MSP customer assets.
- This entry-level position involves working closely with the security team to ensure compliance with security policies and procedures, assist in risk assessments, and contribute to the implementation of security measures.
Security Controls Assessor / OSCAL (Part Time, Remote)
TestPros, Inc.
Independent IT Assessment and Managed Services for Cybersecurity, DFARS, CMMC, Accessibility, Test Automation, and More.
Company Overview: TestPros is a successful and growing business, established in 1988 to provide Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Intelligence Analysis, Cyber Security, NIST 800-53, NIST SP 800-171 / CMMC Consulting/Assessment/Compliance, PCI Compliance, HIPAA, SOC 2, GLBA, Zero Trust, Resiliency, Computer Forensics, Software Supply Chain Assurance, Software Testing, Test Automation, Section 508 and WCAG Accessibility Assessment and Remediation, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Compliance, and Research and Development (R&D) services. TestPros is an Equal Opportunity Employer.
Position: Part time (as needed, 1099 or Corp. to Corp)
Job Summary: The ideal candidate will have strong hands-on experience conducting independent security control compliance assessments using guidelines from NIST (800-53, 800-171) and assessment automation via OSCAL (Open Security Controls Assessment Language). You must have security controls and OSCAL experience in both U.S. Government and Commercial environments. FedRAMP experience is a plus...
Required Qualifications
- Proven OSCAL experience (at least two years).
- 5+ years of hands-on security controls assessment and development of Security Assessment Plan (SAP), Security Assessment Report (SAR) and Plan of Actions and Milestones (POA&M).
- Experience with RegScale, Paramify, or similar tools.
- Experience with government, public sector, or municipal IT environments is highly preferred.
- Ability to write clear, professional, and actionable technical reports.
- Full U.S. Citizenship, and ability to pass an extensive background check.
Preferred Skills
- Experience with NIST 800-53 based ATO assessment, NIST 800-171/CMMC assessment, and/or HIPAA assessment.
- Ability to produce a set of interoperable, extensible, machine-readable formats that supports a broad range of control-based risk management processes (XML-, JSON-, and YAML-based formats that allow for lossless translations between XML, JSON, and YAML representations).
- Familiarity with U.S. Government security policy requirements.
- Experience coordinating with multi-agency or cross-organizational IT teams.
- Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark.
Engagement Details
- Estimated Start: April 2026
- Estimated Duration: TBD
- Work Location: Fully Remote
- Clearances: Not required, but government experience is a plus
Benefits
TestPros offers a competitive salary, medical/dental/vision insurance, life insurance, paid time off, paid holidays, 401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full-time employees. TestPros, Inc. is an Equal Opportunity Employer.
EEO Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, marital status, age, national origin, or protected veteran status.
Security Analyst Intern
Defiant
We make Wordfence, the security plugin protecting over 4 million WordPress sites.
- Collaborate with the Customer Support team to troubleshoot and resolve customer issues related to the Wordfence plugin.
- Participate in weekly meetings with the core Wordfence, Customer Support, and Care and Response teams.
- Collaborate with the Marketing team to gain insight into marketing strategy and SEO principles.
- Support the Quality Assurance team by testing the Wordfence plugin and website improvements.
- Support the Threat Intelligence team by researching plugin vulnerabilities and identifying various exploits.
- Conduct independent study and successful completion of Security+ certification.



