GRC Analyst, Federal Program

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a GRC Analyst, Federal Program in the United States.

This role sits at the center of a fast-evolving security and compliance function, focused on enabling federal readiness across critical healthcare technology programs. You will take ownership of high-impact compliance initiatives, including CMMC certification and FedRAMP readiness, ensuring regulatory requirements are translated into actionable engineering and operational work. The position blends deep regulatory expertise with hands-on execution, requiring close collaboration with engineering, infrastructure, security, and business stakeholders. You will play a key role in defining compliance boundaries, building audit-ready documentation, and driving remediation efforts across the organization. Acting as a primary liaison with external auditors and assessors, you will help shape how federal compliance is achieved and maintained. This is a highly cross-functional, mission-driven environment where clarity, precision, and ownership directly influence organizational readiness and trust.

In this role, you will own and support federal compliance programs, with a primary focus on CMMC certification and FedRAMP readiness, while contributing to broader GRC initiatives across frameworks such as SOC 2 and HITRUST. You will define and maintain compliance boundaries, map regulatory requirements to existing systems, and lead gap assessments aligned with federal standards.

• Serve as a core member of the GRC team with ownership of CMMC and FedRAMP initiatives
• Define assessment scope and maintain a defensible CMMC boundary across systems and environments
• Perform NIST SP 800-171 mapping, gap analysis, and remediation tracking
• Develop and maintain SSPs, POA&Ms, control narratives, and audit documentation
• Translate compliance requirements into actionable remediation tasks for technical and non-technical teams
• Coordinate directly with external auditors and assessors during formal evaluation cycles
• Drive evidence collection, control implementation, and continuous monitoring activities
• Support cross-framework compliance initiatives and organizational security maturity efforts

Requirements

This role requires strong hands-on experience in GRC, with deep familiarity in federal compliance frameworks and the ability to operate independently in high-accountability environments. You should be comfortable navigating both technical systems and regulatory requirements while communicating effectively across diverse stakeholders.

• 5+ years of experience in GRC, compliance, or security roles, including 3+ years in federal frameworks (CMMC, FedRAMP, or equivalent)
• Proven experience leading or contributing to CMMC Level 2 or FedRAMP readiness efforts
• Strong knowledge of NIST SP 800-171 controls, CUI handling, and scoping methodologies
• Ability to produce and maintain audit-ready documentation (SSPs, POA&Ms, gap analyses)
• Experience working directly with external auditors or assessment bodies
• Strong communication skills with the ability to simplify complex compliance concepts for varied audiences
• US citizenship required and eligibility for Public Trust clearance if needed
• Experience with GRC platforms (e.g., Drata, Vanta, Hyperproof) is a plus

Benefits

• Competitive compensation package with base salary, bonus, and equity components
• Comprehensive health, dental, and vision insurance
• Health Savings Account (HSA) options
• 401(k) retirement savings plan
• Life and disability insurance coverage
• Flexible PTO and paid holidays
• Remote-first work environment with flexible scheduling
• Parental leave and family support benefits
• Access to wellness resources, including digital mental health support
• Equity participation in a high-growth organization