Stripe

Help increase the GDP of the internet.

Risk Strategist, User Risk Strategy

Risk · Full Time · Remote · Mid Level · Team 1,001-5,000 · Since 2010 · H1B Sponsor

Location

United States

Posted

40 days ago

Salary

0

Seniority

Mid Level

Job Description

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

As Stripe continues to develop innovative products that serve businesses of all sizes around the world, risk will increase in complexity and scale. The User Risk Strategy org protects and advances Stripe’s business, brand, and mission by building and deploying market-leading policies and practices that instill user and partner trust in Stripe while enabling business growth.

What you’ll do

Under the User Risk Strategy org, you will be part of the Industry Expansion Strategy team. Our focus is to unlock revenue by strategically expanding supportability for users in highly regulated industries. This role will embed within Sales account teams to provide high-quality risk advisory support to onboard large enterprise users. You will partner with Compliance, Legal, Financial Partnerships, Product and Credit Risk to design and execute on custom risk mitigation strategies for users in the Financial Services vertical. You will also provide expert guidance and analyses to help grow novel business models on Stripe (e.g. predictive markets, P2P money transmission, stablecoin remittance) in a risk-conscious manner. We are looking for someone who is passionate about navigating ambiguity, enabling business growth while balancing risk, and is skilled at identifying ways to improve user experience.

Responsibilities

- Embed within Sales teams to drive pre-onboarding Risk Due Diligence strategy (incl. AML/KYC and sanctions compliance, credit worthiness) for large, complex Financial Services deals. You will partner with Stripe’s Sales, Legal, Compliance, Product, and Financial Partnerships teams to drive sophisticated solutions and ensure a positive experience for Stripe’s largest users.
- Evaluate emerging Financial Services use cases for supportability and develop the frameworks that allow Stripe to access these users and markets responsibly.
- Perform research and analysis to assess Stripe’s current risk performance and develop and prioritize long-term strategic plans for future growth.
- Challenge the status quo and provide multiple alternative solutions and key execution criteria.
- Represent Stripe in external engagements with our most critical partners and users.
- Execute special projects/ad hoc analyses as initiatives, products, risks, and opportunities are constantly evolving.

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

- 5+ years of professional experience, preferably in Financial Services, Payments or FinTech industries
- Familiarity with banking and money movement regulations, including KYC/KYB, AML OFAC compliance, and credit and fraud risk
- Experience in a related role (risk, compliance, legal, consulting)
- Experience in developing risk strategies and solutions and working with technical (product and engineering) and operations teams to implement them
- Ability to distill complex, ambiguous regulatory issues into clear, concise, and reliable guidance for stakeholders and Stripe users
- Strong stakeholder management skills, including experience influencing product/engineering, sales, data science, and operations teams
- Demonstrated track record of deriving insights from complex or technical problem spaces and evangelizing actionable product recommendations
- The ability to take ownership, be accountable, and lead without formal authority
- Entrepreneurial and curious mindset, strong communication and interpersonal skills
- Ability to operate independently, navigate ambiguity, and solve problems with the end user in mind
- Strong desire to work in a fast-paced and innovative environment
- Strong analytical skills and operating rigor
- Strong executive presence and presentation skills, including experience engaging with leadership

Preferred qualifications

- Experience overseeing execution and delivery of highly-strategic programs; proven ability to take complex issues and turn them into actionable next steps, hold others accountable, and meet deadlines
- Experience in a client-facing role managing relationships with large, global, and complex organizations.
- Ability to navigate data and people to find answers and drive solutions
- A strong understanding of our business and products, and an ability to research/self-start
- Familiarity with card network rules

More Risk Jobs

Senior Technical Governance, Risk, and Compliance Analyst

Deltek

Deltek is a leading provider of information solutions and enterprise software. Founded in 1983 by father-and-son team Donald and Kenneth deLaski, Deltek serves more than 15,000 cli

Risk · 40 days ago

Senior Technical GRC Analyst US (Remote) 10880BR

Company Summary

Built on 40 years of industry expertise, Deltek is a leading provider of ERP solutions for Government contractors of all sizes. And whether these firms call them a contract within the government contracting space, an engagement within professional services firms or refer to them as a project within the AEC space, these organizations share the same ultimate goal—to win and deliver successful projects. Deltek offers complete and integrated software solutions that connect and automate every stage of the project lifecycle, enhancing project intelligence, management and collaboration. With Deltek’s industry-focused expertise and end-to-end visibility into project and financial performance, we empower businesses to make data-driven decisions, mitigate risks and deliver projects on time and within budget.

Position Responsibilities

As a Senior Technical GRC Analyst, you will ensure Deltek’s cloud environments and information systems meet security and compliance obligations by testing technical controls, supporting audits, and maturing core GRC services. To support Deltek's flagship GovCon products, you will partner with Cloud Operations, Product Security, Platform Delivery, and Security Operations to translate requirements into test procedures, produce audit-ready artifacts, and drive remediation.

- Lead audits and assessments aligned to frameworks/programs such as NIST 800-53 Rev. 5, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, and SOC 2.
- Test and document cloud control implementations across AWS/Azure/OCI (e.g., IAM, network segmentation, encryption/key management, logging/monitoring, vulnerability management, and CI/CD).
- Own assessment execution end-to-end (scope, walkthroughs, testing, issue tracking, and reporting) and coordinate with external auditors and internal control owners.
- Produce and maintain audit-ready artifacts (control narratives, test procedures, evidence mappings, and results) in support of internal and external audits.
- Facilitate technical walkthroughs with stakeholders and auditors; explain control intent, implementation, and test results.
- Identify control gaps, assess risk/impact, and drive remediation to closure with accountable owners.
- Own or support key GRC services (policy lifecycle, risk management, FedRAMP continuous monitoring, POA&M, customer due diligence, and security questionnaires) and improve processes over time.
- Support continuous compliance by monitoring control performance, managing recurring evidence refresh, and preparing teams for re-assessments.
- Build compliance metrics and reporting (dashboards, scorecards, and executive summaries) to communicate risk and readiness. Strong experience with ServiceNow, Jira and similar tools.

Success in the first 90 days looks like:

You support Cloud Operations, Product Security, Platform Delivery, and Security Operations by helping implement and test the controls they own and by ensuring results and artifacts are audit ready. You independently run core audit/assessment workflows end-to-end (planning, evidence collection, technical validation, and reporting) and establish an effective cadence with engineering.

Qualifications

Required Qualifications:

- 3+ years of experience implementing and/or assessing IT audit/ITGC, security operations, cloud security & compliance, internal audit, IT risk management, or related fields.
- Bachelor’s degree in Information Security, Computer Science, Information Science / Informatics with Security focus, MIS, Engineering, or equivalent practical experience.
- Experience assessing controls in one or more major cloud platforms (AWS, Azure, OCI). Candidates with practical OCI experience will be preferred.
- Possess security/audit or cloud certification (e.g., CISA, CISSP, CCSK/CCAK, OCI/AWS/Azure/GCP). Or must clear within 12 months. Candidates preferred if certification(s) already held.

US Citizenship is required for this position.

Core Competencies:

- Excellent ability to:
  - Self-manage time and priorities while working with minimal direction and supervision.
  - Handle multiple competing priorities and projects.
  - Resolve business and technical roadblocks independently through structured problem-solving.
  - Think critically and apply strong analytical, written, verbal, and interpersonal communication skills.
  - Collaborate effectively in a team environment and take directions from senior-level staff.
- Demonstrated initiative to learn through a combination of structured, on-the-job, and self-directed training.

Preferred Qualifications:

- OCI experience.
- ITAR and/or Government Cloud assessment experience.
- Hands-on experience with FedRAMP and/or NIST 800-171, plus familiarity with CSA CCM and CIS Benchmarks.
- Experience supporting or assessing secure software development in cloud environments (e.g., CI/CD, infrastructure as code, containers).

Compensation Info

The U.S. salary range for this position is $76,000.00-$134,000.00. This range is subject to change as Deltek takes a number of factors into consideration when determining individual base pay, such as location, job-related knowledge, skills and experience. Certain roles are eligible for additional rewards, including incentive compensation and equity. Benefits and perks listed here may vary depending on the nature of employment with Deltek. Employees have access to healthcare benefits, a 401(k) plan and company match, paid vacation time and holidays, well-living programs, short-term and long-term disability coverage, basic life insurance and tuition reimbursement.

Position Type

FT

Travel Requirements

10%

Compliance Requirements

Certain roles may have additional privacy, security and compliance requirements to the extent they support Costpoint GCCM or similar product offerings.

EEO Statement

Deltek, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

E-Verify Statement

Deltek, Inc., utilizes the E-Verify program with every potential new hire. This makes it possible for us to make certain that every employee who works for Deltek is eligible to work in the United States. To learn more about E-Verify you can call 1-800-255-7688 or visit their website by clicking the logo below. E-Verify® is a registered trademark of the United States Department of Homeland Security.

Applicant Privacy Notice

Deltek is committed to the protection and promotion of your privacy. In connection with your application for employment with us at Deltek, it is necessary for us to collect, store and use information about you (“Personal Data”) to administer and evaluate your application. We are the “controller” of the Personal Data you provide us and will process any such Personal Data in accordance with applicable law and the statements contained in this Employment Candidate Privacy Notice. Additionally, we have not sold and do not sell Personal Data you provide to us through the job application process.

Worldwide
$76K - $134K / year
Technical Consulting Director, Human Health Risk Assessment

ERM

Shaping a sustainable future with the world’s leading organizations

Risk · 40 days ago
Full Time · Remote · Team 5,001-10,000 · H1B Sponsor

Lead large-scale human health assessments and provide advice to top tier clients working to make sustainable decisions for some of the largest projects in Canada.

As the Technical Consulting Director, Human Health Risk Assessment, you’ll shape outcomes that matter. This senior leadership role places you at the strategic center of Canada’s most influential environmental projects—spanning mining, energy, natural resources, and major infrastructure. Your expertise will help guide clients through complex regulatory landscapes while ensuring human health remains central to responsible development.

Working arrangements

This role is offered on a full-time, part-time or fixed term basis - we are open to applications from candidates with a need or desire for flexible working arrangements, at different stages in their career. Although the preference is for the candidate to be located near to one of our offices in Vancouver, BC; Calgary, AB; Ottawa, ON; Toronto, ON; or any of ERM’s Canadian offices, we are also open to full remote working.

Why This Role Matters

ERM is a global leader in environmental, health, safety, and sustainability consulting. We partner with organizations worldwide to navigate complex environmental expectations and regulatory requirements. You’ll serve as the top subject‑matter authority on human health risk assessment across Canada. Your leadership will drive technical rigor, influence project strategies, and support clients in making informed, responsible decisions that protect people and communities.

What Your Impact Is

- Help clients shape their business strategies to integrate human health considerations into major mining, power, and oil & gas developments.
- Share your expertise with technical leaders for other project components to raise the bar in delivering a collaborative, integrated deliverable
- Lead major human health risk assessment activities by growing a team and building the tools needed to deliver high quality work
- Influence regulatory engagement and support transparent stakeholder communications, including Indigenous communities.

What You’ll Bring

Required

- B.Sc. in Toxicology, Biochemistry, or related field.
- At least 8+ years of experience as a consultant or regulator in human health risk assessment (HHRA) for environmental assessments (EA), although we welcome applications from candidates at higher seniority levels.
- Deep knowledge of Health Canada technical guidance and provincial regulatory frameworks for environment assessments.
- Proven ability to lead technical teams to deliver quality work.

Preferred

- M.Sc. in Toxicology, Biochemistry, or a related discipline.
- 12+ years of consulting experience, including leadership roles.

Key Responsibilities

- Own the technical delivery of the HHRA chapter for large-scale EA projects by providing report reviews and coaching a team of junior scientists to deliver high-quality, robust models and reports.
- Collaborate with internal multidisciplinary teams, client groups, regulators and external stakeholders to help connect the HHRA to the broader EA and its engagement and monitoring requirements.
- As part of a senior team of practitioners and Partners, expand our human health risk assessment services across Canada by contributing to proposals and business development efforts.

For the Technical Consulting Director, Human Health Risk Assessment position, the anticipated annual base pay is $148,010–$208,250 (CAD). Actual pay will depend on factors such as education, experience, skills, location, performance, and business needs. In some cases, pay may fall outside this range. This role may be eligible for bonus pay (casual and fixed term/flex force employees are not bonus eligible). We offer a comprehensive benefits package, including paid time off, parental leave, medical, dental, vision, life, disability, AD&D insurance, 401(k) or RRSP/DPSP, and other applicable benefits to eligible employees.

Note: Bonuses, commissions, and other forms of additional compensation are not guaranteed and subject to the sole discretion of ERM and its policies and procedures.

Who We Are:

As the largest global pure play sustainability consultancy, we partner with the world’s leading organizations, creating innovative solutions to sustainability challenges and unlocking commercial opportunities that meet the needs of today while preserving opportunity for future generations. At ERM we know that creating a diverse, equitable and inclusive work environment is an essential part of making our company a great place to build a career. We also see our diversity as a strength that helps us create better solutions for our clients. Our diverse team of world-class experts supports clients across the breadth of their organizations to operationalize sustainability, underpinned by our deep technical expertise in addressing their environmental, health, safety, risk and social issues. We call this capability our “boots to boardroom” approach for its comprehensive service model that allows ERM to develop strategic and technical solutions that advance objectives on the ground or at the executive level.

Please submit your resume and brief cover letter.

ERM welcomes and encourages applications from people with disabilities. Reasonable accommodations are available on request for candidates taking part in all aspects of the selection process. ERM is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, age, Indigenous identity, or status as a protected veteran or qualified individual with a disability.

ERM does not accept recruiting agency resumes. Please do not forward resumes to our jobs alias, ERM employees or any other company location. ERM is not responsible for any fees related to unsolicited resumes.

Notice Regarding Use of Artificial Intelligence (AI) in Hiring

- Our organization uses artificial intelligence (AI) technologies to assist in the recruitment process. These tools may help screen, assess, and/or evaluate applicants based on information provided in resumes, applications, and other submitted materials. All AI systems are designed to support fair and efficient hiring decisions and operate under human oversight.
- By submitting your application, you acknowledge and consent to the use of AI tools in evaluating your candidacy. If you have questions or need accommodations, please contact us at nainquiries@erm.com.

Thank you for your interest in ERM!

Canada
C$148K - C$208K / year
Third-Party Risk Lead Analyst

Builders FirstSource

Builders FirstSource is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status or status as an individual with a disability.

Risk · 40 days ago
Full Time · Remote · Team 10,001

Role Description

The Third-Party Risk Lead is responsible for leading the end-to-end technology third-party risk lifecycle for BFS. This role partners with Procurement, Legal, IT Architecture, Information Security, Privacy, and Business Owners to evaluate and manage risk for IT vendors and service providers.

- Establishes clear, risk-based decisioning (approve / approve with conditions / defer / reject).
- Defines governance expectations (tiering, control requirements, monitoring cadence, and remediation tracking).
- Drives outcomes through influence rather than direct authority.
- Leverages external security ratings and internal risk data to continuously monitor vendors.
- Ensures vendors are integrated and governed in a manner consistent with BFS security standards and target architecture.

Qualifications

- 5+ years of experience in third-party risk management, cybersecurity risk, or technology risk.
- Bachelor’s degree in Information Security, Information Systems, Risk Management, Business, or a related field (or equivalent practical experience).
- Proven ability to write clear, defensible risk assessments and executive-ready summaries.
- Strong organizational skills with the ability to manage multiple vendor workstreams and deadlines.
- Proficiency with common productivity and reporting tools (Excel, Word, PowerPoint, SharePoint; Power BI preferred).
- Hands-on experience with third-party risk tooling and/or external security ratings.
- Excellent communication and interpersonal skills.
- Ability to operate with ambiguity, take initiative, and drive program outcomes in a fast-paced environment.
- Strong analytical and critical thinking skills.
- Experience performing vendor due diligence and documenting gaps.
- Working knowledge of incident management and third-party incident/breach response expectations.
- Hands-on experience creating or operating risk tiering models and assessment methodologies.
- Strong understanding of the full third-party lifecycle.
- Experience aligning vendor risk requirements to frameworks/standards.
- Experience implementing or optimizing third-party risk workflows in platforms.
- Experience in audit, compliance, or a related control function; relevant certifications are a plus.

Requirements

- Leads architecture development for small projects and supports architectural efforts for medium to large projects.
- Owns and continuously improves the IT Third-Party Risk Management (TPRM) program.
- Partners with Business Owners and Procurement to confirm the business use case and intended modules/functional scope.
- Leads vendor due diligence using questionnaires and evidence.
- Partners with Legal and Procurement to define and negotiate security, privacy, and technology contract requirements.
- Coordinates technical and architecture compatibility reviews with IT and Security Architecture.
- Documents findings in a consistent risk format and tracks remediation actions to completion.
- Maintains vendor risk inventory, risk registers, and dashboards/KRIs.
- Executes ongoing continuous monitoring activities and conducts periodic reassessments.
- Defines and maintains TPRM policies, standards, and procedures.
- Facilitates cross-functional reviews and decision meetings.
- Develops and maintains TPRM playbooks, questionnaire templates, and executive-ready communications.

Benefits

- Medical, dental, vision, and disability insurance plans.
- 401(k) retirement savings plan.
- PTO (including paid sick time).
- 8 paid holidays per year (for salaried and hourly team members).
- Annual bonus eligibility subject to company success and other terms.

United States
Job Closed
Product and Regional Risk Manager

Kraken

Kraken describes itself as one of the oldest, largest, and most secure crypto platforms in the world, on a mission to accelerate the global adoption of crypto so everyone can achie

Risk · 40 days ago

• Conduct and maintain risk assessments and RCSAs across Kraken's core and emerging product lines, identifying key risk exposures and recommending appropriate controls and mitigants
• Perform risk assessments for Kraken's regional entities, working with regional and global stakeholders to understand the regulatory, operational, and market risk environment
• Contribute to the development and ongoing maintenance of Kraken's enterprise risk taxonomy, risk appetite framework, and key risk indicator (KRI) reporting
• Own and oversee the regulated entity risk management framework, including risk appetite setting, risk taxonomy, and governance structures. Lead the identification, assessment, monitoring, and reporting of all material risk types, including operational, regulatory, liquidity, safeguarding, outsourcing, ICT, and conduct risks. Ensure alignment with applicable regulatory frameworks, including MiCAR, E-Money Regulations, and DORA.
• Partner with Product and Engineering teams to embed risk considerations early in the product development lifecycle, providing guidance on risk implications of new features, products, and initiatives
• Drive proactive identification and escalation of emerging risks, ensuring timely visibility for senior management and relevant governance bodies
• Leverage GRC tooling and data analytics to support risk monitoring, reporting, and the automation of risk program activities at scale
• Monitor the risk environment for developments — including MiCAR and broader digital asset regulatory obligations — that may affect Kraken's product or regional risk profile
• Serve as the primary point of contact for risk-related engagement with the Central Bank of Ireland and other relevant regulators. Lead the preparation and delivery of risk reporting to the Board and its committees, and support regulatory submissions, reviews, and inspections as required.
• Prepare clear, concise risk reporting for senior leadership, risk committees, and relevant governance bodies that articulates the key drivers of Kraken's risk landscape
• Operate independently across a broad range of risk activities, adding meaningful value while maintaining a collaborative working style with PCFs and senior management
• Foster a culture of risk awareness across the organization by collaborating with cross-functional partners and contributing to risk training and education efforts

Ireland