GRC Analyst, Federal Programs

Analyst
Remote
May 18, 2026
Application ends: August 16, 2026

Job Description

REQUIREMENTS

  • 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP;
  • Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort;
  • Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements;
  • Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision;
  • Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams;
  • Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments;
  • US citizenship required;
  • Ability to obtain a federal Public Trust designation if required by a sponsoring agency.

RESPONSIBILITIES

  • Serve as a member of our client’s GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs;
  • Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible;
  • Map NIST SP 800-171 practices to our client’s current environment and produce a clear, evidence-based gap analysis;
  • Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers;
  • Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment;
  • Serve as our client’s primary interface with the C3PAO and assessment team during formal CMMC assessments;
  • Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring;
  • Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of our client’s broader GRC program.

Are you interested in this position?


Apply by clicking on the “Apply Now” button below!

#CrossChannelJobs #JobSearch
#CareerOpportunities #HiringNow
#Employment #JobOpenings
#JobSeekers
#FacebookLinkedIn

Related Jobs