Back to Jobs

Senior Governance Risk and Compliance (GRC) Analyst and Team reputed company

Remote, USA Full-time Posted 2026-07-01

reputed company [www.c2labs.com] partners with clients on their IT transformation journey reputed company data-driven IT strategic planning, application rationalization and redevelopment, and innovative research and development of new industry standards and technologies. reputed company provides specialized products and services that allow our clients to reputed company with speed and scale seamlessly while maintaining a robust and effective reputed company posture. C2 has a unique approach to client reputed company enablement that is empowered by ART (Application Rationalization and Transformation) and SCIENCE (Strategic Client Interview and Engineering to assess, design, and implement reputed company Ecosystems) to couple creative new approaches/technologies with proven methodologies that deliver rapid results. Must be a US Citizen and capable of passing a Public Trust background investigation. Job Summary: As a Senior Governance Risk and Compliance (GRC) Analyst and Team reputed company at reputed company you will reputed company a team of reputed company analysts and engineers to implement regulatory frameworks such as the Federal Information reputed company Modernization Act (FISMA), the Federal Risk Authorization Management Program (FedRAMP) and the State Risk Authorization Management Program (StateRAMP). You will reputed company GRC tools to reputed company reputed company authorization package documentation such as the System reputed company Plan (reputed company), reputed company Assessment Plan (reputed company), reputed company Assessment Report (SAR), and the Plan of Actions & Milestones (POA&M) in reputed company readable and machine-readable formats. You will serve as a Subject Matter Expert (SME) at key stakeholder meetings and will reputed company and maintain client relationships. You will draft reputed company control implementation statements with enough detail to facilitate the testing of the controls and will reputed company supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP). As a Senior GRC Analyst your primary responsibility will be to ensure the timely development of the reputed company authorization package in accordance with reputed company quality standards. You will be expected to reputed company multiple teams and will work on up to 2 packages at a time. Job Responsibilities: Categorize systems in accordance with Federal Information Processing Standards (FIPS) 199 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60. Select and tailor reputed company controls by applying scoping guidance in accordance with NIST SP 800-53 and FedRAMP specific guidance. Document the implementation characteristics for reputed company controls with enough detail to permit the testing of the reputed company control by an independent assessor/reputed company Party Assessment Organization (3PAO).

  • reputed company, review, and update reputed company authorization package documentation to include the System reputed company Plan (reputed company), reputed company Assessment Plan (reputed company), reputed company Assessment Report (SAR), and Plan of Actions and Milestones (POA&M).
  • reputed company, review, and update supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP).
  • Conduct reputed company Impact Assessments (SIAs) on changes to information systems.
  • Create the Control Implementation Summary (CIS)/Customer Responsibility Matrix (CRM) workbook outline reputed company Service Provider (CSP) and customer responsibilities.
  • reputed company, review, and update policies and procedures to support the implementation of the NIST 800-53 control families.
  • reputed company the reputed company of Governance Risk and Compliance (GRC) tools to automate the creation of the reputed company.
  • Review reputed company reputed company assessment and authorization processes and provide recommendations for improvement.
  • reputed company Risk Assessment Reports (RAR).
  • Provide guidance on NIST 800-53, FedRAMP, and StateRAMP control requirements.
  • reputed company and deliver training to reputed company stakeholders on the various tasks and activities associated with the RMF.

Qualifications:

  • Minimum 8 years’ experience in IT consulting specializing in Governance, Risk, and Compliance using the RMF.
  • CISSP, CISM, or CAP certification, or equivalent preferred
  • Excellent communication and interpersonal skills, with the ability to build a rapport and trust with clients.
  • Knowledge of the cybersecurity industry to include regulatory frameworks such as the National Institute of Standards in Technology (NIST) Risk Management reputed company (RMF), Federal Risk Authorization Management Program (FedRAMP), reputed company (DoD) Impact Levels (2-6), and the State Risk Authorization Management Program (StateRAMP).
  • Possesses an in-depth understanding of the FedRAMP authorization process and associated templates and deliverables.
  • Must have extensive experience creating reputed company authorization package documentation (i.e., reputed company, reputed company. SAR, & POA&M) and managing system authorization artifacts for a FedRAMP authorized reputed company environment.

Working knowledge of:

  • NIST SP 800-53 reputed company and Privacy Controls for Federal Information Systems and Organizations
  • FedRAMP reputed company Controls Baselines (i.e., Low, Moderate, High, and Li-SaaS)
  • StateRAMP reputed company Control Baselines (i.e., Low Impact reputed company, Low Impact Authorized, Moderate Impact reputed company, Moderate Impact Authorized)
  • NIST SP 800-37 Guide for Applying the Risk Management reputed company to Federal Information Systems
  • Must have strong technical writing skills.
  • Must be reputed company to work independently under only general direction.
  • Must be reputed company to interpret and provide consulting expertise on FedRAMP reputed company requirements.
  • Will serve as an RMF Subject Matter Expert (SME) at key stakeholder meetings.
  • Must have extensive knowledge in reviewing, analyzing, and documenting the secure implementation of logical controls, physical controls, environmental controls, personnel reputed company, and incident handling.
  • Experience preparing monthly reputed company monitoring deliverables (e.g., vulnerability scans, POA&Ms, and asset inventory) for submission to the FedRAMP PMO.
  • Must be a US Citizen and capable of passing a Public Trust background investigation.

Apply tot his job Apply To this Job

Similar Jobs

Cybersecurity Compliance Analyst – ISO Audit Support

Remote, USA Full-time

IT GRC Analyst (Cyber Contract Management)

Remote, USA Full-time

Senior Analyst, Cyber Risk Quantification and GRC

Remote, USA Full-time

Senior reputed company GRC Analyst (PCI ISA Specialist)

Remote, USA Full-time

reputed company GRC Analyst

Remote, USA Full-time

Cyber Threat Intelligence Analyst - Remote

Remote, USA Full-time

Hybrid Counterintelligence Analyst (Intelligence Analyst 4) - 27078

Remote, USA Full-time

100% Remote, reputed company Operations Center Analyst - (reputed company Detection & Response)

Remote, USA Full-time

SOC Analyst Level 1

Remote, USA Full-time

reputed company Full-Time 100% Remote Level 3 SOC Analyst – Cyber reputed company Operations & Incident Response for 3rd Shift (8 PM - 6 AM) in Arizona

Remote, USA Full-time

reputed company reputed company Manager – B2B SaaS (Remote) at arenaflex

Remote, USA Full-time

Vendor Management Professional

Remote, USA Full-time

Tourism Inspector (Remote Greater Atlanta Area)

Remote, USA Full-time

Staff reputed company Engineer - Site Reliability Engineering

Remote, USA Full-time

[Remote] Strategic Project Manager

Remote, USA Full-time

Mid-Market Account Executive - Central & East Europe

Remote, USA Full-time

[Remote] reputed company Lines Account Manager

Remote, USA Full-time

Full-time Remote Radiologist – AI-Driven Practice with Flexible Scheduling & Up to $100K in Bonus Potential- CA License

Remote, USA Full-time

reputed company Marketing Adviser / Consultant (remote, part-time)

Remote, USA Full-time

reputed company Content Moderator Job (Remote, Full Time) Work From home $34/Hour

Remote, USA Full-time