Compliance Analyst (GRC/RMF Focused)
Quick Summary
- Job Title: Compliance Analyst (GRC/RMF Focused)
- Pay Type: SALARIED EXEMPT
- Location: Remote
Responsibilities
The Compliance Analyst (GRC/RMF Focused) supports governance, risk, and compliance (GRC) initiatives by developing, maintaining, and managing security documentation and compliance artifacts aligned with federal standards. This role plays a key part in supporting Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts across federal and regulated environments. This role requires strong expertise in NIST SP 800-53, FISMA, and related guidance, with the ability to translate technical system configurations into clear, audit-ready documentation. The ideal candidate is detail-oriented, organized, and capable of managing multiple compliance workstreams while engaging effectively with both technical and non-technical stakeholders.
- Experience authoring and maintaining security documentation, including System Security Plans (SSPs), control implementation statements, policies, and procedures
- Strong knowledge of NIST SP 800-53 Moderate and High baselines and FISMA requirements
- Ability to develop documentation in accordance with Agency-specific security and compliance requirements
- Experience supporting FedRAMP and/or CMMC compliance efforts
- Working understanding of SOC 2 principles and control structures
- Hands-on experience with GRC tools
- Ability to translate technical system configurations into clear, audit-ready documentation
- Experience developing and managing POA&Ms and supporting continuous monitoring activities
- Strong understanding of NIST standards and supporting guidance (e.g., 800-60, 800-37, 800-171, 800-137)
- Ability to engage directly with customers, lead discussions, and clearly communicate requirements to both technical and non-technical stakeholders
- Strong written and verbal communication skills with a focus on clarity and professionalism
- Proven ability to manage multiple priorities and meet strict deadlines in a fast-paced environment
- High attention to detail with strong organizational and documentation management skills
- Proficiency with standard business tools (e.g., Microsoft Word, Excel, SharePoint, Teams)
- Technical proficiency with on-premises environments, cloud environments, and associated security concepts
- Basic understanding of AI tools and ability to leverage them for documentation development (including effective prompting techniques)
- Ability to work independently while coordinating effectively across internal teams and stakeholders.
- Other duties as assigned
This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.
- Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, or a related field.
- 3–6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated environments.
- Strong knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137).
- Experience supporting FedRAMP, CMMC, and/or SOC 2 compliance efforts.
- Hands-on experience with GRC platforms and compliance tracking tools.
- Technical understanding of on-premise and cloud environments and associated security concepts.
- Proven ability to produce audit-ready documentation and manage compliance artifacts.
- Strong written and verbal communication skills with the ability to clearly convey complex information.
- Demonstrated ability to manage multiple projects and deadlines with strong organizational skills.
- Experience working independently while coordinating across cross-functional teams.
- Must be a U.S. Citizen and eligible to support federal contracting environments.
Nice to Have
- CISA (Certified Information Systems Auditor)
- Security+, CISSP, or similar cybersecurity certification
- FedRAMP or RMF-related training or certifications are a plus
The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.
Listing Details
- Posted: May 11, 2026
- First seen: May 11, 2026
- Last seen: May 11, 2026