GRC Analyst

True Anomaly
Added: February 16, 2024
A new space race has begun. True Anomaly seeks those with the talent and ambition to build innovative technology that solves the next generation of engineering, manufacturing, and operational challenges for space security and sustainability.


The peaceful use of space is essential for continued prosperity on Earth—from communications and finance to navigation and logistics. True Anomaly builds innovative technology at the intersection of spacecraft, software, and AI to enhance the capabilities of the U.S., its allies, and commercial partners. We safeguard global security by ensuring space access and sustainability for all.


  • Be the offset. We create asymmetric advantages with creativity and ingenuity
  • What would it take? We challenge assumptions to deliver ambitious results
  • It’s the people. Our team is our competitive advantage and we are better together


We are seeking an experienced GRC Analyst to join our Information Security team at True Anomaly. The GRC Analyst will be a crucial asset in ensuring the security and compliance of our information assets. The ideal candidate should possess a minimum of 5 years of hands-on experience implementing NIST 800-171, NIST 800-53, and STIGs compliance across organizations, demonstrating a profound understanding of CMMC 2.0, DoD compliance frameworks, policy development, and cloud security best practices.


  • Implement robust security procedures across True Anomaly's systems and platforms.
  • Conduct information technology compliance assessments across various frameworks (e.g., NIST 800-171, 800-53, etc.), to include, but not limited to:
    • NIST SP 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (DFARS 252.204-7012).
    • NIST SP 800-53 Rev. 5, Security and Privacy Controls for Federal Information Systems and Organizations.
    • Framework for Improving Critical Infrastructure Cybersecurity - NIST Cybersecurity Framework (CSF)
    • Cybersecurity Maturity Model Certification (latest version)
    • Zero Trust, Resiliency
    • Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (POA&Ms), and as well as necessary artifacts.
    • Develop various policy documents (SOPs/CONOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments.
    • Keep management apprised of impending areas of concern, verbally and in writing.
    • Develop new, and mature existing information security and enterprise risk policies.
    • Initiate, and lead on-going information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture.
    • Produce and review key performance indicators for implemented security measures and distribute KPIs.
    • Maintain knowledge of threat landscape by monitoring threat intelligence, and other related sources.
    • Conduct internal audits to ensure unwavering adherence to DoD compliance standards.
    • Collaborate with software engineers to fortify software and resolve vulnerabilities.

    Basic Qualifications

    • 5+ years of directly related experience in IT security assessment and Experience as an ISSM or ISSO a plus.
    • Demonstrated understanding of NIST SP.800-171, NIST SP.800-171A, NIST SP.800-53, NIST SP.800-53A, FedRAMP and/or other similar federal government regulations and industry standards
    • Verify and document the implementation of security controls necessary to achieve compliance.
    • Understanding of a broad range of IT and information security risks
    • Experience building and rolling out compliance policies
    • Experience authoring corporate security policies (e.g., privacy, data, and records retention) and enterprise security
    • At least 5 years of experience developing security standards, guidelines, and remediation planning based on best practices and industry
    • Comprehensive understanding of incident response, system configuration, vulnerability management, and hardening guidelines within the DoD context


    • Base Salary: $120,000 - $150,000
    • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

    Additional Requirements

    • Work Location: Remote
    • Schedule: must be available during core business hours (9am-2pm MST), Monday-Friday

    This position will be open until it is successfully filled. To submit your application, please follow the directions below.

    To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

    We value diversity of experience, knowledge, backgrounds and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.