Senior Analyst, Security Governance Risk & Compliance (GRC)

BlackSky

Washington (District of Columbia)

On-site

USD 135,000 - 150,000

Full time

3 days ago

Job summary

An established industry player seeks a Senior Analyst in Security Governance Risk & Compliance to support its global security team. This role involves managing compliance reporting, leading security governance initiatives, and ensuring adherence to regulatory standards. The ideal candidate will have extensive experience in GRC, cybersecurity, and compliance management, with a strong focus on communication and stakeholder engagement. Join a forward-thinking company that values innovation and teamwork, where your contributions will directly impact national security and economic intelligence. Embrace a dynamic work environment that prioritizes employee well-being and professional growth.

Benefits

Medical, dental, and vision insurance
401(k) with employer match
15 days PTO and 11 company holidays
Flexible Spending Accounts
Employee Stock Purchase Program
Parental leave
Volunteerism leave
Choice of Mac or PC

Qualifications

  • 5+ years in Governance Risk and Compliance.
  • Experience with SOX and ITGC compliance.
  • Exceptional communication skills for diverse audiences.

Responsibilities

  • Manage compliance reporting and stakeholder interactions.
  • Lead security program governance and policy updates.
  • Monitor changes to compliance standards and communicate impacts.

Skills

Governance Risk and Compliance
Cybersecurity
GRC Software
CISA Certification
CISSP Certification
CISM Certification
SOX Compliance
Communication Skills

Education

Bachelor's Degree in Cybersecurity or Computer Science

Tools

GRC Software

Job description

Senior Analyst, Security Governance Risk & Compliance (GRC)

Herndon, VA; Seattle, WA; Remote

About Us:

BlackSky is a real-time intelligence company. We own and operate the world's most advanced space-based intelligence platform and provide customers satellite imagery, automated analytics and high-frequency monitoring of strategic locations, economic assets, and events from around the globe. BlackSky is trusted by the most demanding allied military and intelligence organizations and commercial companies to deliver foresight into critical matters that affect national security and the economy. BlackSky's data enables governments and businesses to see, understand and anticipate change as it happens, giving them the ultimate strategic advantage so they can act quickly. Our global team works with cutting-edge technology to make a difference around the world and prides itself on being people-first, customer-focused and fun.

This role reports to the Manager, Security Engineering and will support the global security team. We would prefer someone local to our Seattle, WA or Herndon, VA offices, but are open to remote candidates in certain states. A strong candidate will assist with security program governance, security risk management, and both regulatory and customer compliance obligations. You will ensure program adherence to applicable laws, policies, and procedures, make decisions and take action to manage identified security risks throughout their lifecycle, and achieve and sustain compliance.

While the locations listed in the job posting are ideal, we would love candidates near either our Herndon, VA or Seattle, WA offices. We may also consider remote candidates in certain states.

Responsibilities:

  • Perform reporting of regulatory and customer compliance requirements to include interfacing with internal stakeholders (e.g., Director of Security, Director of Information Technology and broader IT Team, and Vice President of Audit) and external stakeholders (e.g., customer Security POCs, external auditors, third-party assessors).
  • Manage day-to-day activities of Security Risk Management and Secure Configuration Management functions (e.g., Change Authorization Board; review software and hardware inventories for deviations or risks; manage security risk exception process).
  • Lead efforts related to security program governance such as updating, developing, and performing annual reviews of corporate security policies, procedures, and standards.
  • Continuously monitor changes to compliance standards, regulations, and industry best practices, and communicate impacts to relevant stakeholders.
  • Other job-related duties as assigned.

Required Qualifications:

  • At least five years of experience in Governance Risk and Compliance.
  • Bachelor’s degree or equivalent, preferably in cybersecurity or computer science.
  • Experience using GRC software.
  • CISA, CISSP, CISM or equivalent security certification.
  • Experience or understanding of managing CMMC 2.0 Level 2 compliance requirements to include leading interactions with DIBCAC and/or C3PAO assessors and responding to requests for compliance evidence.
  • Experience managing SOX/ITGC and 404B compliance requirements to include leading interactions with external auditors and responding to requests for compliance evidence.
  • Experience developing strategic, technical, and compliance related documentation, artifacts and reports.
  • Exceptional verbal and written communication skills, with the ability to communicate complex compliance issues clearly to diverse audiences.
  • This position requires U.S. citizenship.

Preferred Qualifications:

  • Experience managing UK Cyber Essentials compliance requirements.
  • Experience managing FedRAMP Moderate (NIST 800-53 Moderate) compliance requirements.
  • Previous experience with implementing automated evidence gathering using API.
  • Experience managing GRC software from implementation to operation.
  • Ability to proactively identify emerging compliance trends and translate them into actionable recommendations.

Life at BlackSky for full-time benefits eligible employees includes:

  • Medical, dental, vision, disability, group term life and AD&D, voluntary life and AD&D insurance
  • BlackSky pays 100% of employee-only premiums for medical, dental and vision and contributes $100/month for out-of-pocket expenses!
  • 15 days of PTO, 11 Company holidays, four Floating Holidays (pro-rated based on hire date), one day of paid volunteerism leave per year, parental leave and more
  • 401(k) pre-tax and Roth deferral options with employer match
  • Flexible Spending Accounts
  • Employee Stock Purchase Program
  • Employee Assistance and Travel Assistance Programs
  • Employer matching donations
  • Mac or PC? Your choice!
  • Awesome swag

The anticipated salary range for candidates in Seattle, WA is $135,000-150,000 per year. The final compensation package offered to a successful candidate will be dependent on specific background and education. BlackSky is a multi-state employer, and this pay scale may not reflect salary ranges in other states or locations outside of Seattle, WA.

BlackSky is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, disability, protected veteran status or any other characteristic protected by law.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in BlackSky’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.
