Compliance Analyst (GRC/RMF Focused)

Quzara LLC
Remote, US

About The Position

The Compliance Analyst (GRC/RMF Focused) supports governance, risk, and compliance (GRC) initiatives by developing, maintaining, and managing security documentation and compliance artifacts aligned with federal standards. This role plays a key part in supporting Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts across federal and regulated environments. This role requires strong expertise in NIST SP 800-53, FISMA, and related guidance, with the ability to translate technical system configurations into clear, audit-ready documentation. The ideal candidate is detail-oriented, organized, and capable of managing multiple compliance workstreams while engaging effectively with both technical and non-technical stakeholders.

Requirements

  • Strong knowledge of NIST SP 800-53 Moderate and High baselines and FISMA requirements.
  • Working understanding of SOC 2 principles and control structures.
  • Hands-on experience with GRC tools.
  • Ability to translate technical system configurations into clear, audit-ready documentation.
  • Strong understanding of NIST standards and supporting guidance (e.g., 800-60, 800-37, 800-171, 800-137).
  • Strong written and verbal communication skills with a focus on clarity and professionalism.
  • High attention to detail with strong organizational and documentation management skills.
  • Proficiency with standard business tools (e.g., Microsoft Word, Excel, SharePoint, Teams).
  • Technical proficiency with on-premises environments, cloud environments, and associated security concepts.
  • Basic understanding of AI tools and ability to leverage them for documentation development (including effective prompting techniques).
  • Ability to work independently while coordinating effectively across internal teams and stakeholders.
  • Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, or a related field.
  • 3–6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated environments.
  • Strong knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137).
  • Experience supporting FedRAMP, CMMC, and/or SOC 2 compliance efforts.
  • Hands-on experience with GRC platforms and compliance tracking tools.
  • Technical understanding of on-premise and cloud environments and associated security concepts.
  • Proven ability to produce audit-ready documentation and manage compliance artifacts.
  • Strong written and verbal communication skills with the ability to clearly convey complex information.
  • Demonstrated ability to manage multiple projects and deadlines with strong organizational skills.
  • Experience working independently while coordinating across cross-functional teams.
  • Must be a U.S. Citizen and eligible to support federal contracting environments.

Nice To Haves

  • FedRAMP or RMF-related training or certifications are a plus.

Responsibilities

  • Develop, maintain, and manage security documentation and compliance artifacts aligned with federal standards.
  • Support Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts.
  • Translate technical system configurations into clear, audit-ready documentation.
  • Manage multiple compliance workstreams.
  • Engage effectively with both technical and non-technical stakeholders.
  • Author and maintain security documentation, including System Security Plans (SSPs), control implementation statements, policies, and procedures.
  • Develop documentation in accordance with Agency-specific security and compliance requirements.
  • Support FedRAMP and/or CMMC compliance efforts.
  • Develop and manage POA&Ms and support continuous monitoring activities.
  • Engage directly with customers, lead discussions, and clearly communicate requirements to both technical and non-technical stakeholders.
  • Manage multiple priorities and meet strict deadlines in a fast-paced environment.
  • Coordinate effectively across internal teams and stakeholders.