
Public Sector Compliance Analyst
Posted May 7

This is a fully remote position, open to applicants in Massachusetts, +1 more state.
• Assist in the daily operations of Rapid7’s US Public Sector compliance programs, primarily focusing on FedRAMP.
• Help maintain compliance documentation, including policies, procedures, system security plans (SSPs), authorization artifacts, and supporting evidence.
• Support continuous monitoring (ConMon) efforts, including the collection of ongoing evidence and reporting.
• Aid in managing Plans of Action & Milestones (POA&Ms), including tracking remediation progress, timelines, and risk ownership.
• Monitor and facilitate control implementation in accordance with NIST SP 800-53 Rev. 5 and NIST SP 800-171.
• Utilize ATO-focused GRC platforms such as Paramify, ServiceNow GRC, Onspring, or RegScale to oversee compliance status, risks, and findings.
• Collaborate with Engineering and Security teams to understand technical control implementations, vulnerabilities, and remediation strategies.
• Assist in audit and assessment preparedness activities, including ATO packages and regulatory reporting.
• Support vendor evaluations, including Control Implementation Summaries (CIS) and Customer Responsibility Matrices (CRM).
• Help identify opportunities to enhance GRC, POA&M, and ConMon processes through standardization, automation, and improved data quality.
• Gain practical exposure to evolving requirements such as CMMC, recent Executive Orders, and emerging cybersecurity initiatives in the US public sector.
• 2-5 years of experience (or equivalent academic, internship, or early-career experience) in cybersecurity, risk management, compliance, governance, or cloud security.
• Foundational understanding of NIST 800-53 and/or NIST 800-171.
• Interest in US Government and SLED cybersecurity programs (FedRAMP, GovRAMP, StateRAMP).
• Experience or familiarity with ATO-focused GRC platforms such as Paramify, ServiceNow GRC, Onspring, or RegScale.
• Ability to understand and document both policy-based and technical security controls.
• Strong analytical skills, attention to detail, and comfort with structured documentation.
• Excellent written and verbal communication skills.
• A curious, collaborative mindset and a willingness to learn.
• Health insurance
• 401(k) matching
• Paid time off
• Flexible work hours
• Professional development opportunities