Compliance & Policy Analyst - Agentic AI

About The Position

Requirements

• Minimum of BS with 5+ years of experience, MS/PhD with 3+ years of experience in security compliance, GRC, cybersecurity policy, or related compliance-focused roles
• Deep hands-on experience authoring and maintaining System Security Plans (SSPs) aligned to NIST 800-171 and NIST 800-53
• Demonstrated experience supporting systems through ATO efforts, formal security assessments, and/or CMMC readiness activities
• Experience managing POA&Ms, coordination remediation tracking, and running structured evidence collection cycles
• Strong background serving as a primary point of contact for auditors, assessors, and compliance stakeholders
• Proven ability to build and maintain policy libraries, standards, and SOPs aligned to a formal control framework
• Ability to read and interpret architecture diagrams, infrastructure-as-code, and technical documentation well enough to validate that control narratives reflect implemented reality
• Working knowledge of AWS and cloud-native environments, including concepts such as EKS, IAM, logging, encryption, and cloud security controls
• Exceptional attention to detail, with the ability to identify vague, conflicting, or incomplete documentation and drive clarity
• Strong written communication skills, with the ability to translate technical implementation into concise, auditor-ready language
• US Citizenship is required for this position

Nice To Haves

• Experience supporting CMMC Level 2 preparation, assessment, or sustainment activities
• Background contributing to FedRAMP or DoD ATO packages
• Experience working in highly technical cloud or platform environments where security controls must be mapped directly to operational systems
• Familiarity with evidence management, control traceability, and structured documentation practices in regulated environments
• Experience collaborating closely with cloud, DevSecOps, or platform engineering teams
• Ability to operate effectively in an environment where compliance maturity is actively being built and refined

Responsibilities

• Own and maintain the written compliance posture of the Agentic AI platform
• Author, update, and evolve System Security Plans (SSPs) and related compliance artifacts in support of ATO and broader assessment efforts
• Develop additional SSPs and associated documentation required to support expanding authorization needs
• Build, organize, and maintain a comprehensive security policy and SOP library aligned to relevant control frameworks
• Manage POA&Ms, including documenting gaps, tracking remediation progress, and maintaining visibility into open items
• Coordinate and run evidence collection cycles in support of internal reviews, external assessments, and audit activities
• Serve as the primary compliance point of contact for internal auditors, external assessors, and compliance stakeholders
• Partner closely with platform, cloud, and security engineers to validate that documented control narratives accurately reflect implemented infrastructure and operational practices
• Review architecture diagrams, infrastructure-as-code, technical diagrams, and engineering documentation to ensure compliance materials remain accurate and defensible
• Help ensure consistency, traceability, and quality across all compliance documentation and supporting artifacts
• Identify documentation gaps, policy inconsistencies, or control narrative issues early and drive them to resolution
• Support the maturation of repeatable compliance processes that strengthen audit readiness over time