
Compliance Analyst, GRC/RMF
Posted 23 hours ago

This is a fully remote position, open to applicants in the United States.
• The Compliance Analyst (focused on GRC/RMF) aids in governance, risk, and compliance (GRC) initiatives by creating, updating, and overseeing security documentation and compliance artifacts that adhere to federal standards.
• This position is essential in facilitating Risk Management Framework (RMF) activities, ongoing monitoring, and authorization processes across federal and regulated settings.
• The role demands a strong understanding of NIST SP 800-53, FISMA, and relevant guidelines, along with the capability to convert technical system configurations into clear, audit-ready documentation.
• The perfect candidate will be detail-oriented, organized, and adept at managing various compliance workstreams while effectively engaging with both technical and non-technical stakeholders.
• A Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, or a related discipline.
• 3 to 6+ years of experience in GRC, RMF, or cybersecurity compliance positions within federal or regulated environments.
• In-depth knowledge of NIST SP 800-53, FISMA, and related NIST guidelines (e.g., 800-37, 800-60, 800-171, 800-137).
• Experience in supporting FedRAMP, CMMC, and/or SOC 2 compliance initiatives.
• Practical experience with GRC platforms and compliance tracking tools.
• Technical familiarity with both on-premise and cloud environments, along with associated security concepts.
• Proven track record of producing audit-ready documentation and managing compliance artifacts.
• Excellent written and verbal communication skills with the ability to clearly articulate complex information.
• Demonstrated capacity to handle multiple projects and deadlines, showcasing strong organizational skills.
• Experience working independently while coordinating efforts across cross-functional teams.
• Must be a U.S. Citizen and qualified to support federal contracting environments.
• Preferred certifications include CISA (Certified Information Systems Auditor), Security+, CISSP, or similar cybersecurity credentials. FedRAMP or RMF-related training or certifications are advantageous.
• Health insurance
• Flexible work hours
Private Label Staff
Merit Medical Oncology
Expert VA
Guidehouse