
Senior Analyst, Security Governance Risk & Compliance (GRC)

Blacksky Holdings LLC

United States

Remote

USD 135,000 - 150,000

Full time

3 days ago

Job summary

An innovative firm is seeking a Senior Analyst for Security Governance Risk & Compliance to join its global security team. The role involves supporting security program governance, risk management, and compliance obligations, ensuring adherence to applicable laws and policies. Candidates will engage with both internal and external stakeholders to manage security risks and compliance requirements effectively. This position offers a unique opportunity to work with cutting-edge technology in a dynamic environment, contributing to national security and economic intelligence. Join a team that values diversity and is committed to making a difference worldwide.

Benefits

Medical, dental, and vision insurance
15 days of PTO
401(k) with employer match
Flexible Spending Accounts
Employee Stock Purchase Program
Professional development opportunities
Choice of Mac or PC
Awesome swag

Qualifications

  • 5+ years of experience in Governance Risk and Compliance.
  • Experience using GRC software and managing compliance requirements.

Responsibilities

  • Perform reporting of regulatory and customer compliance requirements.
  • Manage day-to-day activities of Security Risk Management functions.

Skills

Governance Risk and Compliance
Regulatory Compliance
Risk Management
Communication Skills
Cybersecurity Knowledge

Education

Bachelor's degree in Cybersecurity or Computer Science

Tools

GRC Software

Job description

Senior Analyst, Security Governance Risk & Compliance (GRC)


About Us:


BlackSky is a real-time intelligence company. We own and operate the world's most advanced space-based intelligence platform and provide customers satellite imagery, automated analytics and high-frequency monitoring of strategic locations, economic assets, and events from around the globe. BlackSky is trusted by the most demanding allied military and intelligence organizations and commercial companies to deliver foresight into critical matters that affect national security and the economy. BlackSky's data enables governments and businesses to see, understand and anticipate change as it happens, giving them the ultimate strategic advantage so they can act quickly. Our global team works with cutting-edge technology to make a difference around the world and prides itself on being people-first, customer-focused and fun.


This role reports to the Manager, Security Engineering and will support the global security team. We would prefer someone local to our Seattle, WA or Herndon, VA offices, but are open to remote candidates in certain states. A strong candidate will assist with security program governance, security risk management, and both regulatory and customer compliance obligations. You will ensure program adherence to applicable laws, policies, and procedures, and you will make decisions and take action to manage identified security risks throughout their lifecycle and to achieve and sustain compliance.


While the locations listed in the job posting are ideal, we would love candidates near either our Herndon, VA or Seattle, WA offices. We may also consider remote candidates in certain states.


Responsibilities:



  • Perform reporting of regulatory and customer compliance requirements to include interfacing with internal stakeholders (e.g., Director of Security, Director of Information Technology and broader IT Team, and Vice President of Audit) and external stakeholders (e.g., customer Security POCs, external auditors, third-party assessors).

  • Manage day-to-day activities of Security Risk Management and Secure Configuration Management functions (e.g., Change Authorization Board; review software and hardware inventories for deviations or risks; manage security risk exception process).

  • Lead efforts related to security program governance such as updating, developing, and performing annual reviews of corporate security policies, procedures, and standards.

  • Continuously monitor changes to compliance standards, regulations, and industry best practices, and communicate impacts to relevant stakeholders.

  • Other job-related duties as assigned.


Required Qualifications:



  • At least five years of experience in Governance Risk and Compliance.

  • Bachelor's degree or equivalent, preferably in cybersecurity or computer science.

  • Experience using GRC software.

  • CISA, CISSP, CISM or equivalent security certification.

  • Experience or understanding of managing CMMC 2.0 Level 2 compliance requirements to include leading interactions with DIBCAC and/or C3PAO assessors and responding to requests for compliance evidence.

  • Experience managing SOX/ITGC and 404B compliance requirements to include leading interactions with external auditors and responding to requests for compliance evidence.

  • Experience developing strategic, technical, and compliance related documentation, artifacts and reports.

  • Exceptional verbal and written communication skills, with the ability to communicate complex compliance issues clearly to diverse audiences.

  • This position requires U.S. citizenship.


Preferred Qualifications:



  • Experience managing UK Cyber Essentials compliance requirements.

  • Experience managing FedRAMP Moderate (NIST 800-53 Moderate) compliance requirements.

  • Previous experience implementing automated evidence gathering using APIs.

  • Experience managing GRC software from implementation to operation.

  • Ability to proactively identify emerging compliance trends and translate them into actionable recommendations.


Life at BlackSky for full-time benefits eligible employees includes:



  • Medical, dental, vision, disability, group term life and AD&D, voluntary life and AD&D insurance


    • BlackSky pays 100% of employee-only premiums for medical, dental and vision and contributes $100/month for out-of-pocket expenses!


  • 15 days of PTO, 11 Company holidays, four Floating Holidays (pro-rated based on hire date), one day of paid volunteerism leave per year, parental leave and more

  • 401(k) pre-tax and Roth deferral options with employer match

  • Flexible Spending Accounts

  • Employee Stock Purchase Program

  • Employee Assistance and Travel Assistance Programs

  • Employer matching donations

  • Professional development

  • Mac or PC? Your choice!

  • Awesome swag


The anticipated salary range for candidates in Seattle, WA is $135,000-150,000 per year. The final compensation package offered to a successful candidate will be dependent on specific background and education. BlackSky is a multi-state employer, and this pay scale may not reflect salary ranges in other states or locations outside of Seattle, WA.


BlackSky is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, disability, protected veteran status or any other characteristic protected by law.


To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.


EEO/AAP/Pay Transparency Statements: https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf
https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf
