Senior GRC Analyst

📋 Description

• Leading FedRAMP authorization efforts including SSP development, SAR review, POA&M management, and 3PAO prep
• Owning ConMon activities per FedRAMP, including monthly vulnerability scanning and annual assessments
• Maintain FedRAMP documentation, including SSP, CIS, CRM, and artifacts
• Lead internal and external audits for FedRAMP, ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP
• Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to track and remediate findings
• Conduct risk assessments and third-party risk reviews focusing on FedRAMP boundary and supply chain risk

🎯 Requirements

• 8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation
• Hands-on FedRAMP experience including SSP authoring, POA&M management, or 3PAO coordination
• Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP overlays
• Experience with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions)
• Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders
• Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field

🎁 Benefits

• Flexible, trust-oriented culture that empowers ownership
• Vibrant, dynamic work environment with extensive benefits
• Work-life balance and self-care emphasis