Compliance Analyst, GRC/RMF

📋 Description

• The Compliance Analyst (GRC/RMF Focused) plays a vital role in supporting governance, risk, and compliance (GRC) initiatives by developing, maintaining, and overseeing security documentation and compliance artifacts in accordance with federal standards.

• This position is instrumental in facilitating Risk Management Framework (RMF) activities, continuous monitoring, and authorization processes within federal and regulated environments.

• It necessitates a strong proficiency in NIST SP 800-53, FISMA, and related guidance, along with the capability to convert technical system configurations into clear, audit-ready documentation.

• The perfect candidate is detail-oriented, organized, and adept at managing various compliance workstreams while effectively engaging with both technical and non-technical stakeholders.

⛳️ Requirements

• A Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, or a related discipline.

• 3–6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated settings.

• Comprehensive knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137).

• Experience in supporting FedRAMP, CMMC, and/or SOC 2 compliance initiatives.

• Practical experience with GRC platforms and compliance tracking tools.

• Technical knowledge of on-premise and cloud environments along with related security concepts.

• Proven capability to produce audit-ready documentation and manage compliance artifacts effectively.

• Excellent written and verbal communication skills, with the ability to articulate complex information clearly.

• Demonstrated ability to handle multiple projects and deadlines, showcasing strong organizational skills.

• Experience working independently while collaborating across cross-functional teams.

• Must be a U.S. Citizen and eligible to engage in federal contracting environments.

• Preferred certifications include CISA (Certified Information Systems Auditor), Security+, CISSP, or similar cybersecurity credentials; FedRAMP or RMF-related training or certifications are advantageous.

🏝️ Benefits

• Health insurance

• Flexible work hours