Governance, Risk & Compliance (GRC) Analyst | Information Security | Phoenix AZ Hybrid | Arizona State Agency | Contract to Hire

About the position

An Arizona state agency is seeking a GRC (Governance, Risk & Compliance) Analyst to join their Information Security team. You will perform risk assessments, conduct audit reviews, develop POA&Ms, and work cross-functionally with business units to strengthen the agency's security posture.

Responsibilities
• Perform risk assessments and audit reviews; generate findings reports and track outcomes
• Review and manage security audit plans, security plans, and risk documentation
• Investigate suspicious network activity and generate incident reports
• Prepare audit documentation and draft findings per agency writing standards
• Research IT security standards, laws, and regulations to ensure compliance

Requirements
• NIST 800-53 R5
• Risk Management Framework (RMF)
• Windows/Unix experience
• Bachelor's degree
• Local to Phoenix AZ metro (within 1 hour drive) — city and state must be on resume
• Eligible for FTE conversion — no visa sponsorship
• Available for in-person interview within 1 week of June 22

Nice-to-haves
• CISSP, CCSP, GSTRT, GSNA, or CAP certification
• Project management experience
• Knowledge of IRS Pub1075, HIPAA/HITRUST, CJIS, MARS-E frameworks