cFocus Software Incorporated
Incident Management / Governance Risk Compliance (GRC) - HHS STIM
cFocus Software Incorporated, Atlanta, Georgia, United States, 30383
cFocus Software is seeking a highly skilled Incident Management / Governance, Risk, and Compliance (GRC) Engineer IV with expertise in RSA Archer to support the Security Tools and Infrastructure Modernization (STIM) contract with the U.S. Department of Health and Human Services (HHS). The Engineer will be responsible for the administration, operations, troubleshooting, and integration of the enterprise GRC platform to ensure compliance, reporting accuracy, and enterprise-wide risk management. This role requires deep expertise in RSA Archer, database administration, and incident management practices.
Responsibilities
Administer, operate, and maintain the enterprise RSA Archer GRC platform and interconnected systems.
Partner with Security and Infrastructure teams to ensure system availability and reliability.
Configure and enhance RSA Archer to meet evolving business requirements and design changes.
Troubleshoot and optimize data feeds, stakeholder notifications, and reporting workflows.
Provide technical support and training to RSA Archer users, ensuring adoption and proper navigation of GRC processes.
Manage enterprise GRC user accounts, including bulk uploads, account provisioning, and troubleshooting.
Support integration of Archer with other enterprise systems for data exchange and reporting.
Assist stakeholders with data imports/exports, validating templates, and generating actionable reports for management.
Support database administrators with SQL performance tuning, upgrades, and database change planning.
Collaborate with system administrators and DBAs to develop upgrade strategies with milestones, checklists, and fallback plans.
Respond to and support incident management activities, including containment, remediation, and escalation.
Document and maintain system designs, processes, and service records.
Ensure compliance with federal security frameworks including CIS Controls, NIST SP 800-53 Rev. 5, and DISA STIGs.
Collaborate with cross-functional IT teams to support infrastructure modernization projects.
Mentor junior engineers and provide technical leadership in GRC and incident response best practices.
Participate in a 24/7/365 on-call rotation for enterprise GRC and incident management support.
Required Experience
8+ years of IT security and GRC experience in federal or enterprise environments.
Demonstrated expertise with RSA Archer administration, configuration, and troubleshooting.
Experience managing enterprise networking and security infrastructure, including firewalls, IDS/IPS, VPNs, and packet capture tools.
Strong proficiency with SQL performance tuning, database administration, and data maintenance.
Proven ability to detect, investigate, and remediate incidents in a large enterprise environment.
Familiarity with LAN/WAN troubleshooting, throughput optimization, and network problem resolution.
Strong communication and stakeholder engagement skills, with the ability to explain technical concepts to non-technical audiences.
Education & Certifications
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent combination of education and experience).
Preferred certifications include: RSA Archer certifications, CISSP, CISM, or CRISC.
Clearance Requirement
Must be eligible to obtain and maintain a Public Trust (High-Risk, Level 5) clearance.