GRC Specialist - Public Sector, IT Operations
BDO USA
Job Summary
The Governance Risk & Compliance (GRC) Specialist leads the development, ongoing implementation, and continuous improvement of cybersecurity and compliance programs for the firm’s Public Sector business line. This role is instrumental in maintaining alignment with federal frameworks such as NIST SP 800-171, CMMC, and FedRAMP.
Job Duties
Implements and optimizes programs aligned with NIST SP 800-171, CMMC, FedRAMP, and other applicable frameworks
Develops and maintains System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms), and other artifacts for audit readiness
Evaluates contracts, Statements of Work, and vendor agreements for applicable requirements
Performs enterprise-wide risk assessments, vulnerability analyses, threat modeling, and control testing
Leads drafting, revision, and lifecycle management of IT policies, procedures and memos in alignment with NIST SP 800-171 and CMMC requirements
Maintains compliance dashboards, evidence repositories, and control libraries
Manages Change Control Board processes and policy change workflows
Analyzes audit findings and continuous monitoring data to assess impact on CMMC maturity and enterprise cybersecurity effectiveness
Collaborates with other business lines to ensure that new and existing systems, services, and vendor practices comply with information safeguarding requirements and other organizational requirements
Ensures organizational policies reflect current regulatory and contractual obligations
Translates complex technical and compliance information into actionable guidance for non-technical stakeholders
Monitors changes in federal cybersecurity laws, standards, and frameworks relevant to CUI protection
Liaises across IT, Legal, HR, Procurement, and other departments to ensure GRC practices are integrated
Assesses whether security incidents meet thresholds for regulatory noncompliance, and coordinates appropriate organizational response
Develops and maintains multi-year strategic plans and implementation roadmaps that align with cybersecurity objectives
Other duties as required
Supervisory Responsibilities
Directs day-to-day activities/workload of staff, as needed
Qualifications, Knowledge, Skills, and Abilities:
Education
High school diploma or GED, required
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, or Computer Engineering, preferred
Experience
Three (3) or more years of experience developing or managing cybersecurity compliance programs aligned with NIST or similar federal cybersecurity frameworks, required
License/Certifications
Industry-recognized certifications, such as CISM, CASP+, CISSP, CISA, Security+, or other IT credentials demonstrating knowledge management fundamentals, preferred
Other Knowledge, Skills, And Abilities
Strong verbal and written communication skills
Excellent interpersonal and customer relationship skills
Capacity to work in a deadline-driven environment while handling multiple complex projects/tasks simultaneously with a focus on details
Capable of successfully multi-tasking while working independently or within a group environment
Knowledge of FedRAMP, NIST SP 800-53, NIST SP 800-171, NIST CSF, Cybersecurity Maturity Model Certification (CMMC)
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
Knowledge of cyber threats and vulnerabilities
Knowledge of applicable business processes and operations of customer organizations
Knowledge of applicable laws, regulations, statutes, or directives related to cybersecurity and privacy
Skilled in creating policies that reflect organizational objectives
Skilled in communicating with all levels of management (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience)
Ability to develop clear directions and instructional materials
Ability to develop standard operating procedures (SOPs) in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
Ability to tailor technical and planning information to a customer's level of understanding
Ability to work across departments and business lines to implement the firm's cybersecurity and compliance programs
Ability to work after standard business hours and travel, as needed
About Us
Join us at BDO, where you will find more than a career, you’ll find a place where your work is impactful, and you are valued for your individuality. We offer flexibility and opportunities for advancement. Our culture is centered around making meaningful connections, approaching interactions with curiosity, and being true to yourself, all while making a positive difference in the world.
At BDO, our purpose of helping people thrive every day is at the heart of everything we do. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients, and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first, by sharing financially in our growth in value with our U.S. team. BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.
BDO is the first large accounting and advisory organization to implement an Employee Stock Ownership Plan (ESOP). A qualified retirement plan, the ESOP offers participants a stake in the firm’s success through beneficial ownership and a unique opportunity to enhance their financial well-being. The ESOP stands as a compelling addition to our comprehensive compensation and Total Rewards benefits* offerings. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions.
We are committed to delivering exceptional experiences to middle market leaders by sharing insight-driven perspectives, helping companies take business as usual to better than usual. With industry knowledge and experience, a breadth and depth of resources, and unwavering commitment to quality, we pride ourselves on:
Welcoming diverse perspectives and understanding the experience of our professionals and clients
Empowering team members to explore their full potential
Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
Focus on resilience and sustainability to positively impact our people, clients, and communities
BDO Total Rewards that encompass so much more than traditional “benefits.”
Benefits may be subject to eligibility requirements.
Equal Opportunity Employer, including disability/vets
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status.
"BDO USA, P.A. is an EO employer M/F/Veteran/Disability"
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Finance and Accounting/Auditing
Industries: Accounting
BDO USA · Orlando, FL, USA
- Pay: $120,000-$165,000/yr
- Job type: Full Time