Sr. Principal Cybersecurity Analyst

Northrop Grumman Northrop Grumman · Aerospace · Roy, UT +1 · Cyber

Northrop Grumman is seeking a Senior Principal Cybersecurity Analyst to serve as a Compliance Liaison within their Governance & Strategy organization. This role involves translating enterprise compliance charters into service-line specific policies, driving automation of control activities, and integrating GRC functions with existing processes and technology platforms. The analyst will ensure deliverables meet applicable regulatory frameworks, perform risk assessments, design and maintain automated compliance controls, and liaise between various governance bodies. The position requires a Master's degree with 6 years of experience or equivalent, a Secret security clearance, and the ability to obtain a Top Secret clearance. Experience in cybersecurity compliance, Risk Management Framework, and customer-level implementation guidance is essential.

What you'd actually do

  1. Convert the enterprise compliance charter into service‑line policies, procedures, and standards.
  2. Perform line‑level risk assessments; maintain the service‑line risk register.
  3. Design, build, and maintain automated compliance controls (rule‑based checks, workflow approvals, continuous‑monitoring scripts).
  4. Liaise between the service line, Quality/Mission Assurance, and enterprise governance bodies (Compliance Steering Committee, Legal & Regulatory Council, Risk Council, etc.).
  5. Prepare for internal and external audits; remediate findings and track closure against SLAs.

Skills

Required

  • Master’s degree with 6 years of relevant experience; OR a Bachelor’s degree with 8 years; OR an Associate’s degree with 14 years
  • Current U.S. Government Secret level security clearance (or higher)
  • Ability to obtain, and maintain, a U.S. Government Top Secret level security clearance
  • Ability to obtain, and maintain, access to Special Programs
  • Demonstrated experience in cybersecurity compliance (e.g., Assessment and Authorization under RMF)
  • Experience in Risk Management Framework and with customer-level implementation guidance (e.g., NISPOM, JSIG, DAAG/DAAPM, ICD-503)
  • Excellent written and verbal communication
  • Influential stakeholder management
  • Analytical mindset with strong problem-solving abilities

Nice to have

  • Master’s degree in Cybersecurity or related field
  • CISSP certification
  • 10+ years of information system security or compliance experience in a classified environment
  • Current SAP/SAR Access
  • Direct experience in a defense-contracting environment supporting multiple regulatory regimes
  • Experience developing workflows and integrations between GRC tools and other enterprise level systems
  • Demonstrated record of reducing manual compliance effort through automation

What the JD emphasized

  • current U.S. Government Secret level security clearance (or higher)
  • ability to obtain, and maintain, a U.S. Government Top Secret level security clearance
  • ability to obtain, and maintain, access to Special Programs
  • cybersecurity compliance
  • Risk Management Framework
  • customer-level implementation guidance