Sr. GRC Analyst

Job no: 5102383
Position type: Full-Time (Salaried)
Location: Richmond (City), Virginia
Division/Equivalent: Department of Taxation
School/Unit: Department of Taxation
Categories: Information Technology


Title: Sr. GRC Analyst

State Role Title: Info Technology Specialist III

Hiring Range: Commensurate with Experience

Pay Band: 6

Agency: Department of Taxation

Location: Main Street Center

Agency Website: https://www.tax.virginia.gov/work-with-us

Recruitment Type: Agency Employee Only - A

 

 

Job Duties

 

Are you the person who finds what everyone else misses?

The Virginia Department of Taxation’s Office of Information Security is looking for a Senior GRC (Governance, Risk and Compliance) Analyst who brings curiosity, initiative, and a sharp eye for detail to our security program. In this role, you won't just check boxes. You'll dig into the details, ask the hard questions, and help us build a security program that's as strong in practice as it is on paper.


As a Senior GRC Analyst you will:

Identify, assess, and document organizational risks, and keep stakeholders accountable to resolving them

Review System Security Plans (SSPs) to ensure controls are accurately and completely described, and engage stakeholders when there are concerns

Test and verify that security controls are actually working the way they're supposed to, across their full scope

Support internal and external audit events, from evidence gathering to finding consolidation

Manage Plans of Action and Milestones (POA&Ms) from identification through remediation

Develop security procedures that turn what the organization actually does into clear, documented practice

Provide input on security policies and standards to help keep them relevant and accurate


Please note that this is an Agency Only recruitment. Only current Virginia Department of Taxation employees will be considered for this recruitment.

This position is located in our Central Office in downtown Richmond, Virginia. 

This position is eligible for a hybrid telework schedule. 

The anticipated hiring salary is $130,000 commensurate with experience. 


As a member of the Virginia Tax team, you can expect additional benefits such as: 

• Job stability and quality of life! Enjoy your work/life balance with flexible schedule options and up to two days of telework per week. 
• 12 Paid State holidays on top of vacation, sick, volunteer, and personal leave! 
• Comprehensive and affordable health benefits. 
• Got student loans? You may be eligible for the Public Service Loan Forgiveness program. 
• Participation in the Virginia Retirement System, VA 457 Deferred Comp, and more. 


At Virginia Tax… 

We are dedicated, resourceful individuals who strive to exceed our customers’ expectations. Not only do we serve the public, we are the public. We are a part of a community that cares about and celebrates each other, who promote opportunities for growth within a stable environment, and support a healthy work-life balance.  

What we do matters. So do you.

 

 

Minimum Qualifications

 

Working knowledge and experience in cybersecurity, information assurance, or a directly related field with demonstrated GRC responsibilities

Ability to support audit activities, including evidence gathering and auditor inquiry response

Ability to read and critically evaluate System Security Plans (SSPs) and identify gaps in control descriptions and scope

Experience conducting control assessments through artifact review and technical observation

Working knowledge of at least one applicable regulatory framework such as IRS 1075, PCI DSS, or state privacy laws

Strong written and verbal communication skills, with demonstrated ability to work across technical and non-technical stakeholders

CompTIA Security+, CEH, or equivalent foundational certification

 

 

Additional Considerations

 

Hands-on experience with the NIST Risk Management Framework (RMF), including risk assessment, POA&M management, and continuous monitoring

Knowledge of Commonwealth of Virginia Information Security Standards and Guidelines, IRS Publication 1075, Payment Card Industry Data Security Standards, and other industry security standards

Experience translating organizational practices and procedures into formal control language

Familiarity with multiple regulatory frameworks and the ability to assess controls against them simultaneously

Experience identifying undocumented security practices and formalizing them into written procedures

Advanced certification such as CISSP, CISM, or CRISC

 

 

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

All Virginia Tax employees must be current with filing their tax returns, ensuring they were filed in compliance with established laws, rules, and regulations.

Selected candidate(s) will be required to consent to and successfully pass a background investigation which includes fingerprint-based criminal history, tax compliance, and DMV driving record (if applicable) checks. 

The selected candidate will be prohibited from performing tax or accounting services for compensation during or outside business hours. 

Virginia Tax is an equal opportunity employer that values diversity in the workforce. All qualified applicants are afforded equal opportunities without regard to race, sex, color, national or ethnic origin, religion, genetics, age, veteran status, political affiliation, or disability.  

Reasonable accommodations are available to applicants with disabilities, if requested, during the application and/or interview process. If accommodations are needed, please contact Human Resources at (804) 786-3610. 

Virginia Tax participates in E-verify. 

Consideration for an interview is based solely on the information within the application and/or résumé.

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their Certificate of Disability (COD) provided by a Vocational Rehabilitation Counselor within the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their Certificate of Disability. If you need to get a Certificate of Disability, use this link: Career Pathways for Individuals with Disabilities, or call DARS at 800-552-5019, or DBVI at 800-622-2155. 

Contact Information

Name: Virginia Tax Talent Acquisition Team 

Phone: 804-786-3608 

Email: hroffice@tax.virginia.gov 

 

Advertised: Eastern Daylight Time
Application close: Eastern Daylight Time
