Cybersecurity Risk and Compliance Analyst

About The Position

Requirements

• Experience in GRC, cybersecurity compliance, or audit support (typically 2+ years)
• Familiarity with frameworks such as FedRAMP, NIST SP 800-53, or similar compliance programs
• Experience working with auditors or assessment organizations (e.g., 3PAOs) is a plus
• Exposure to cloud environments such as AWS or Azure
• The FedRAMP lifecycle and continuous monitoring processes
• NIST 800-53 control families
• POA&M management and risk tracking
• Analyzing technical controls and clearly documenting compliance
• Working with compliance or GRC tools, ticketing systems, or evidence repositories
• Enjoy bringing structure and clarity to complex requirements
• Detail-oriented but can also see the bigger picture
• Comfortable collaborating across technical and non-technical teams
• Communicate clearly, especially when working with documentation and evidence
• Proactive and curious, with a mindset of continuous improvement

Responsibilities

• Support FedRAMP & NIST Compliance: Support authorization, compliance, and continuous monitoring activities, Interpret and apply security controls and control enhancements, Keep key documentation up to date, including system security plans, policies, and control descriptions, Track compliance against established baselines (Low / Moderate / High)
• Partner on audits and assessments: Work cross-functionally to ensure we’re always audit-ready, Coordinate and support third-party audits (including 3PAO assessments), Gather and review evidence from engineering, infrastructure, and operations teams, Respond to auditor questions and information requests, Help track remediation efforts and support closure of identified gaps, Contribute to annual assessments, penetration test reviews, and vulnerability reporting
• Contribute to continuous monitoring: Help maintain a strong and consistent compliance posture by supporting monthly FedRAMP continuous monitoring activities, Reviewing vulnerability scans and tracking remediation progress, Coordinating incident reporting and change management impacts, Ensuring changes follow approved compliance processes, Identifying and escalating potential compliance risks
• Collaborate across teams: Act as a bridge between technical and non-technical stakeholders, Partner with Cloud Engineering, DevOps, Security Operations, Legal, and Product teams, Translate technical controls into clear, audit-ready documentation, Support internal reporting and briefings on compliance status and risk
• Support governance and documentation: Maintain organized compliance evidence repositories, Assist with internal audits and readiness assessments, Contribute to updates of policies and standards aligned to federal requirements, Support responses to customer and government security questionnaires

Benefits

• excellent time away from work programs
• comprehensive wellness initiatives
• competitive pay and benefits
• volunteer days