Senior GRC Analyst

📋 Description

• Lead FedRAMP readiness, authorization, and ConMon activities
• Manage SSP, SAR, POA&M, and 3PAO coordination
• Maintain FedRAMP docs and artifacts (SSP, CIS, CRM)
• Lead audits for FedRAMP, ISO 27001/27701, PCI-DSS, NIST 800-171, IRAP
• Coordinate with owners and 3PAOs to remediate findings
• Conduct risk assessments and vendor risk reviews; drive remediation plans

🎯 Requirements

• 8+ years in cybersecurity, audits, risk, or compliance
• Hands-on FedRAMP experience (Moderate or High baseline preferred) incl SSP, POA&M management, 3PAO coordination
• Deep familiarity with NIST 800-53 Rev 5 and FedRAMP overlays/guidance
• Cloud gov platforms: AWS GovCloud, Azure Government, Google Cloud
• Strong negotiation and prioritization of risk remediation with internal and federal stakeholders
• Bachelor's degree in Information Systems, Computer Science, Information Security, or related field
• Certifications preferred: CISSP, CISA, FedRAMP PMO training or similar

🎁 Benefits

• Vibrant, dynamic work environment with comprehensive benefits
• Opportunity to work on federal GRC programs and growth
• Flexible, work-life balanced environment