About Us When you work at Chugach Government Solutions (CGS), you join a proud legacy of supporting missions while sustaining culture. The federal division of Chugach Alaska Corporation, CGS has been supporting critical missions as a government contractor for over 25 years. Our focus is to support facility maintenance, IT/technical services, construction and education. We are proud to have built, and continue to foster, an incredibly talented team spanning across the globe in hundreds of different fields – each team member proud to serve our country with first-class business services, while also making a difference for our Chugach shareholders. At CGS, empowering employees is a part of our core, and that focus is one of the ways we build and foster high-performing teams. We empower our employees through competitive compensation and benefits package, professional growth opportunities, truthful communication, and more! If you are looking for an opportunity to serve something bigger than yourself; if you want your day job to be one that creates meaningful value; if you are looking for an environment that highly values employees and respects individual differences – then Chugach Government Solutions may be the right fit for you! Job Overview The Information Security Specialist – Governance, Risk, and Compliance (GRC) will focus on maturing and enhancing Chugach Government Solutions (CGS) cybersecurity GRC initiatives. This position is crucial for ensuring our cybersecurity posture aligns with best practices and regulatory standards. The individual will be responsible for identifying, analyzing, and influencing the management of information risks across the organization and ensuring the operation of enterprise-wide security controls enabling the business to operate securely, protect its people, defend its assets, and preserve shareholder value. This role coordinates assessments and security monitoring to uphold the function across information technology (IT), Lines of Business, and other administration functions across CGS. The position will understand cyber risks to the business and develop engaging and timely cyber awareness content and promote a cybersecurity-focused culture. Work Model: Hybrid Responsibilities Essential Duties & Job Functions: Serves as the principal manager for the ongoing execution, implementation, and monitoring of the GRC initiatives and other applicable regulatory standards. Performs focused information risk assessments of existing or new services and technologies, along with business counterparts. Ensures the rigorous application of information security/information assurance policies, principles, and practices to the delivery of enterprise solutions and services. Plan, implement and upgrade security measures and controls. Perform vulnerability testing, risk analyses and security assessments. Conduct internal and external security audits. Creates, reviews and updates compliance frameworks tailored to the company via policies, standards, procedures, and controls. Travels to project site locations to assess compliance with applicable cyber standards. Train fellow employees in security awareness and procedures. Increases the level of maturity in risk management and controls. Develop and execute a continuous monitoring schedule. Lead and conduct audit meetings as required in coordination with supervisor. Analyze assessment findings against applicable criteria to validate and review reports; review conclusions and recommendations before supervisory approval. Performs other duties as assigned. Communication & Stakeholder Management: Collaborates with other Security teams to improve and scale cyber governance. Implement strategy for security assessments in coordination with compliance, system teams, executive teams, and other key stakeholders. Provides training and guidance within the company on secure governance frameworks, business processes, architecture design, and risk controls. Job Requirements Mandatory: Bachelor’s Science (BS) in business information systems (IS), computer science, technology, engineering, or another related field. Eight (8) years of experience in information security, cybersecurity, or related roles, three of which had a primary focus in Governance, Risk, and Compliance (GRC). Knowledge of common information security management frameworks such as SOC2, PCI DSS, ISO, and NIST. Hands-on experience troubleshooting hardware and system software. Must be able to speak, read, and comprehend English to perform contract requirements and comply with emergency procedures. Ability to pass any employment background checks and/or drug testing required on the contract. Valid state Driver’s License with acceptable driving record pertinent to the position. Travel up to 10% of the time. Reasonable Accommodation: CGS will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with Chugach Government Solutions or any of its subsidiaries, please email ada@chugachgov.com Equal Employment Opportunity: Chugach is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, gender, sexual orientation, gender identity or expression, age, pregnancy, disability, genetic factors, protected veteran status or other characteristics protected by law.