Cyber Security Analyst

Job Description Job Description Multiple positions (Jr and Sr level) Long Term Contract position through 2026 + extension Position 1: Supply Chain Risk Management (SCRM) Analyst — This role focuses on identifying, analyzing, and managing cybersecurity, compliance, and operational risks across defense suppliers, with a strong emphasis on software and technology supply chains. Responsibilities: Identify and assess risks in defense suppliers, systems, and software components Evaluate vendors for cybersecurity posture, compliance, and reliability Ensure adherence to federal regulations (NIST 800-53, DFARS, FAR, NDAA restrictions, etc.) Monitor supplier environments for vulnerabilities, changes, and emerging risks Produce risk assessments, reports, and recommendations for leadership and stakeholders Collaborate with engineering, procurement, and security teams to mitigate identified risks Support improvements to the organization’s supply chain risk management framework and processes Requirements: U.S. citizen with active Secret clearance (TS eligibility required) Bachelor’s degree 3–5 years of experience in defense, cybersecurity, supply chain risk, or related fields Strong understanding of software supply chain security and defense industry compliance frameworks Familiarity with NIST 800-53, DFARS, FAR, and NDAA requirements Strong analytical, communication, and reporting skills Position 2 Senior INFOSEC Compliance Analyst Long-Term Contract | Hybrid | 9/80 Schedule Seeking an experienced INFOSEC Compliance Analyst to support a major DoD audit initiative. Immediate interview and hire process.

Active Secret Clearance preferred, but not required. Candidates must be able to pass a background investigation. Key Responsibilities: • Support Governance, Risk & Compliance (GRC) initiatives • Develop and maintain SSPs, POA&Ms, and compliance documentation • Support CUI security requirements and vendor compliance reviews • Assist with cybersecurity policies, procedures, and standards • Perform risk assessments and support audit readiness efforts • Work with cloud and on-prem cybersecurity environments Requirements: • 5+ years of INFOSEC Compliance/Risk Management experience • Strong knowledge of NIST, CMMC, FedRAMP, and DFARS • Experience with RMF, SSPs, POA&Ms, and CUI environments • Strong communication and cross-functional coordination skills • Bachelor’s Degree or equivalent experience preferred Company Description GCR Professional Services is an engineering and information technology staffing firm (direct-hire, consultants, contract-to-hire).

Company Description GCR Professional Services is an engineering and information technology staffing firm (direct-hire, consultants, contract-to-hire).