Governance, Risk and Compliance (GRC) Solution Engineer

Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector's IT environment. Our team is on the forefront of helping to solve the government's most complex IT challenges. If you are seeking a role that offers the opportunity to work on rewarding projects, consider a career with Cloud and Things.

*This is an exempt position. Salary commensurate with experience*

Overview:

We are seeking a GRC Solutions Engineer who will support our client. The Governance, Risk and Compliance (GRC) Solution Engineer, will collaborate and support the integration of an industry leading GRC solution to assist clients in managing risks, ensuring compliance with regulations and internal policies, and improving risk management practices. The ideal candidate will have knowledge of the RSA Archer platform as well as of risk management, security and privacy practices, and be an effective written and verbal communicator. The GRC Solution Engineer's, day-to-day role will include working with a team to advance a modern GRC solution that will be the foundation of GRC service offerings for stakeholders across NYS.

Duties:

• Day-to-day technical administration of RSA Archer platform.

• Alignment of service offering business needs with platform configurations and capabilities.

• Managing upgrades and patching across RSA Archer environments.

• Working with business units to determine requirements and maintain RSA Archer procedures and documentation.

• Creation and maintenance of RSA Archer dashboards and reports.

• Prototyping workflows in RSA Archer risk management system.

• Evaluation of customer workflows and processes for use with RSA Archer.

• Conducting risk assessments.

• Monitoring compliance programs.

Mandatory Qualifications:

• A bachelor's degree in cybersecurity or similar discipline.

• 10 years of relevant experience, including a minimum of 2 years of supervisory experience.

• 5 years of experience using Archer software in a development role.

• 2 years of experience implementing Archer solution in a federal or state agency.

• 5 years of experience configuring RSA Archer modules, creating applications, dashboards, reports and workflows.

• A combination of education and experience will be considered.

• Familiarity with security and compliance, internal controls, ERM, and audit assessments processes with focus on NIST 800-53, GAO Green Book.

• Extensive experience with RSA Archer GRC processes and configuration, including application design, workflow creation, data mapping, custom fields, reporting, and dashboard development.

• Knowledge of creating and managing data feeds for data import/export from various sources.

• Experience with system integration using APIs, Web Services, scripting, and database management (SQL).

• Experience with assessing and analyzing business requirements, current environment and GRC technology choices to produce technical solutions and/or solution alternatives that meet business needs.

• Excellent communication skills to work with stakeholders at all levels, gather requirements, and present technical information clearly.

• Proven track record of delivering RSA Archer projects on time and within GRC standards.

• Experience in configuring the Crossfield functionality to associate the records within the same applications or other applications and questionnaires.

Desirable Qualifications:

• Archer Certified Specialist or Archer Certified Expert certifications are highly desirable.

• Experience with the following applications in RSA Archer: Issues Management, Policy Program, Privacy Program, Bottom-Up Risk Assessment, Top-Down Risk Assessment, Self-Assessment Management, IT Controls Assurance, IT Risk Management, Data Governance, Loss Event Management and Key Indicator Management.