Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Headquartered in Virginia, we have more than 53,000 employees in approximately 80 countries across all 7 continents.

The Cybersecurity Training & Governance, Risk, Compliance (GRC) Analyst is a remote, hands-on role responsible for supporting Amentum’s cybersecurity governance, risk, and compliance initiatives. This position leads the development and delivery of training programs focused on frameworks such as CMMC, ISO 27001, CE+, and DISP. The ideal candidate combines technical understanding with expertise in policy and process documentation, data analysis and reporting, and instructional design. This role plays a critical part in reinforcing governance objectives through effective training, clear communication, and strong collaboration across teams. US Citizenship is required. This is a remote-telework role.

Essential Responsibilities:

• Create effective training materials, design structured learning strategies, and assess learning outcomes.
• Conduct assessments to identify training gaps and tailor content accordingly.
• Design and deliver onboarding programs to integrate new hires into cybersecurity practices.
• Develop, manage, track, and report on white phishing program.
• Facilitate virtual training sessions using platforms such as Microsoft Teams.
• Collaborate with stakeholders to address training performance issues and drive engagement.
• Collect, analyze, and report on cybersecurity governance, risk, and compliance (GRC) data.
• Aggregate and synthesize cybersecurity metrics and audit data into meaningful insights to support compliance and risk posture reporting.
• Develop executive-level dashboards and monthly reports that communicate trends, gaps, and key risk indicators (KRIs) across GRC domains.
• Interpret internal and external policy, regulatory, and framework requirements (e.g., NIST SP 800-171, CMMC, ISO 27001, CE+, DISP) to ensure alignment of training and GRC documentation.
• Support internal assessments and readiness activities by gathering evidence, tracking remediation progress, and maintaining documentation in GRC systems.
• Participate in the design and continuous improvement of security controls protecting users, systems, applications, and data.
• Review and provide feedback on cybersecurity policies, standards, and procedures authored by other teams to ensure alignment with governance frameworks.
• Translate technical controls and requirements into business-relevant documentation that supports consistent understanding and implementation.
• Develop and maintain templates, guidance documents, and process documentation to support policy and procedure development across the organization.
• Maintain and version-control GRC documentation libraries, ensuring accuracy, accessibility, and audit readiness.
• Contribute to risk reviews, issue tracking, and exception handling by ensuring proper documentation and reporting standards are followed.
• Partner with control and system owners to clarify requirements, identify gaps, and propose mitigation strategies or control enhancements.

Position Knowledge, Skills, and Abilities:

• Strong knowledge of cybersecurity governance, risk, and compliance frameworks (e.g., NIST SP 800-171, CMMC, ISO 27001).
• Familiarity with security controls and risk management in enterprise environments.
• Working understanding of instructional design and adult learning principles.
• Excellent written and verbal communication skills, able to translate technical concepts for diverse audiences.
• Proficient in developing training materials and facilitating virtual sessions.
• Strong analytical skills for interpreting GRC data and creating reports or dashboards.
• Skilled with Microsoft 365 tools (Word, Excel, PowerPoint, Teams) and experience with LMS and survey tools.
• Experience creating and maintaining policies, procedures, and process documentation with attention to detail.
• Ability to collaborate effectively with stakeholders across technical and compliance teams.
• Ability to manage multiple priorities and work independently in a remote or distributed environment.
• Ability to assess training effectiveness and continuously improve content based on feedback and metrics.

Minimum Requirements:

• Must be a U.S. Citizen.
• Bachelor’s degree in Cybersecurity, IT, Instructional Design, Business, or related field; or equivalent experience.
• 5+ years of experience in cybersecurity, GRC, compliance, or technical training.
• Experience developing and delivering cybersecurity training or awareness programs.
• Knowledge of cybersecurity frameworks and regulations (e.g., NIST SP 800-171, CMMC, ISO 27001).
• Proficient in data analysis and reporting using tools like Excel or Power BI.
• Familiarity with security controls, risk concepts, and audit processes.
• Strong writing and documentation skills for policies, standards, and procedures.
• Ability to facilitate virtual training sessions using Microsoft Teams or similar platforms.
• Proficiency with Microsoft 365 (Word, Excel, PowerPoint, Teams).

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed,  marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters.