GRC Analyst I
C2 Labs, Inc.
Job Description
Job Description
C2 Labs [ partners with clients on their IT transformation journey via data-driven IT strategic planning, application rationalization and redevelopment, and innovative research and development of new industry standards and technologies. C2 Labs provides specialized products and services that allow our clients to innovate with speed and scale seamlessly while maintaining a robust and effective security posture. C2 has a unique approach to client success enablement that is empowered by ART (Application Rationalization and Transformation) and SCIENCE (Strategic Client Interview and Engineering to assess, design, and implement Cloud Ecosystems) to couple creative new approaches/technologies with proven methodologies that deliver rapid results.
Must Live in the Knoxville, Tennessee metro area and Must be a US Citizen and capable of passing a Public Trust background investigation. For a two year contract.
Job Summary: As a Governance Risk and Compliance (GRC) Analyst 1 at C2 Labs you will work with a team of security analysts and engineers to implement regulatory frameworks such as the Federal Information Security Modernization Act (FISMA), the Federal Risk Authorization Management Program (FedRAMP) and the State Risk Authorization Management Program (StateRAMP). You will leverage GRC tools to develop security authorization package documentation such as the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and the Plan of Actions & Milestones (POA&M) in human readable and machine-readable formats. You will draft security control implementation statements with enough detail to facilitate the testing of the controls and will develop supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP). As a GRC Analyst 1 your primary responsibility will be to ensure the timely development of the security authorization package in accordance with C2 Labs quality standards.
Job Responsibilities: Categorize systems in accordance with Federal Information Processing Standards (FIPS) 199 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60. Select and tailor security controls by applying scoping guidance in accordance with NIST SP 800-53 and FedRAMP specific guidance. Document the implementation characteristics for security controls with enough detail to permit the testing of the security control by an independent assessor/Third Party Assessment Organization (3PAO).● Develop, review, and update security authorization package documentation to include the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Governance Risk and Compliance (GRC) Analyst 1 Report (SAR), and Plan of Actions and Milestones (POA&M). ● Develop, review, and update supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP). ● Conduct Security Impact Assessments (SIAs) on changes to information systems
● Create the Control Implementation Summary (CIS)/Customer Responsibility Matrix (CRM) workbook outline Cloud Service Provider (CSP) and customer responsibilities.
● Develop, review, and update policies and procedures to support the implementation of the NIST 800-53 control families.
● Leverage the next generation of Governance Risk and Compliance (GRC) tools to automate the creation of the SSP. ● Review current security assessment and authorization processes and provide recommendations for improvement.
● Develop Risk Assessment Reports (RAR).
● Provide guidance on NIST 800-53, FedRAMP, and StateRAMP control requirements.
● Develop and deliver training to educate stakeholders on the various tasks and activities associated with the RMF.
Qualifications:
● Minimum 1-3 years’ experience in IT consulting specializing in Governance, Risk, and Compliance using the RMF.
● CISSP, CISM, or CAP certification is preferred but not required.
● Excellent communication and interpersonal skills, with the ability to build a rapport and trust with clients.
● Knowledge of the cybersecurity industry to include regulatory frameworks such as the National Institute of Standards in Technology (NIST) Risk Management Framework (RMF), Federal Risk Authorization Management Program (FedRAMP), Department of Defense (DoD) Impact Levels (2-6), and the State Risk Authorization Management Program (StateRAMP). Governance Risk and Compliance (GRC) Analyst 1
● Possesses an in-depth understanding of the FedRAMP authorization process and associated templates and deliverables.
● Must have experience creating security authorization package documentation (i.e., SSP, SAP. SAR, & POA&M) and managing system authorization artifacts for a FedRAMP authorized cloud environment.
Working knowledge of:
● NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
● FedRAMP Security Controls Baselines (i.e., Low, Moderate, High, and Li-SaaS)
● StateRAMP Security Control Baselines (i.e., Low Impact Ready, Low Impact Authorized, Moderate Impact Ready, Moderate Impact Authorized)
● NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems
● Must have strong technical writing skills.
● Must be able to work independently under only general direction.
● Must be able to interpret and provide consulting expertise on FedRAMP security requirements.
● Must have extensive knowledge in reviewing, analyzing, and documenting the secure implementation of logical controls, physical controls, environmental controls, personnel security, and incident handling.
● Experience preparing monthly continuous monitoring deliverables (e.g., vulnerability scans, POA&Ms, and asset inventory) for submission to the FedRAMP PMO.
● Must be a US Citizen and capable of passing a Public Trust background investigation.
EEO Statement
We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.
Practical AI Application
- Applies AI tools to streamline workflows, enhance decision-making, and improve outcomes
- Understands the strengths and limitations of AI systems and exercises sound judgment in their use
- Continuously explores new AI capabilities and integrates them into day-to-day work where appropriate
- Uses AI in alignment with company and customer-specific policies, data privacy standards, and ethical guidelines
- Exercises discretion when using AI with sensitive or proprietary information
- Demonstrates awareness of bias, accuracy, and risk considerations when leveraging AI tools
$95k - $105k
...Job Description Job Description Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005, we've remained family owned and...SuggestedTemporary workCurrently hiringRemote workRelocation- ...Job Description Job Description C2 Labs is looking for a Junior FedRAMP Consultant (GRC Analyst I) to support technical writing and evidence operations for FedRAMP authorization and ongoing ConMon. This is a great role if you’re detail-oriented, enjoy structured...SuggestedFor contractorsRemote work
- ...Job Description Job Description C2 Labs is hiring a Senior FedRAMP Consultant (GRC Analyst III equivalent) to act as a lead technical writer for FedRAMP authorization packages and ongoing ConMon operations. If you can translate real-world cloud security implementations...SuggestedFor contractorsRemote work
- Risk Specialist I - Sanctions Location: On site in Miami Lakes, FL; Memphis, TN; Orlando, FL; Johnson City, TN; Birmingham, AL, Asheboro, NC; Knoxville, TN; Nashville, TN; Naples, FL or Longwood, FL Summary: The position is responsible for performing confidential...SuggestedWork at office
$85.1k - $123.2k
...Risk & Controls Analyst CGI is seeking a Risk Analyst to support governance, risk, and controls initiatives within a highly regulated... ...include: 5+ years of experience within Governance, Risk & Controls (GRC), Operational Risk Management, or similar areas such as Audit,...SuggestedWork at office- If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process. Compliance Manager Full Time Professional Knoxville, TN, US 22 days ago Requisition ID: 1045 *THIS IS NOT A REMOTE...Full timeWork at office
- The Regulatory Manager will be responsible for the planning, management, and execution of all regulatory activities for clinical research studies conducted at AMR. Oversight of regulatory team to ensure the complete and accurate performance of all regulatory activities...Work experience placement
- Command Investigations is seeking a team member in Knoxville, TN, focusing on AOE/COE, Auto, or Homeowners Investigations. Responsibilities include writing accurate, detailed reports and securing written/recorded statements. Candidates must possess strong initiative and...
- ...and responsibilities listed below. While implementing or recommending action to ensure compliance and minimize risk, the Compliance Analyst should be conscious of streamlining efforts, cost effectiveness, safety and soundness, and proper maintenance of the internal...Work at office
- Covenant Health is looking for a Credentialing Specialist to manage Payer Enrollment and Hospital credentialing tasks in Knoxville, TN. This full-time position involves acting as a liaison, processing applications, and maintaining credentialing databases with confidentiality...Full time
$52 - $63 per hour
Insurance Field Inspector Knoxville & Surrounding We are a regional insurance inspection firm servicing the southeastern United States. At the request of a few clients we opened the state of TN. Our current Knoxville rep is down with a broken foot and looking to shrink...Local areaWork from home- ...Fraud Analyst Agency Supported: U.S. Department of Justice (DOJ) - MEGA 6 Automated Litigation Support Position Type: Full-Time, Contingent Upon Award Location: Remote Clearance: Public Trust - Candidates do not need to be cleared at the time of application...Full timeContract workInterim roleRemote workWork from homeHome officeFlexible hours
$44.8k
Description & Requirements Maximus is searching for an IT Auditor role supporting upcoming federal OPTN work, contingent upon contract award. In this role, you will help safeguard the integrity, reliability, and security of critical technology systems by planning and ...Minimum wageFull timeContract workTemporary workWork experience placement- ...suitability is preferred. Must be a U.S. Citizen without dual citizenship. This role is remote. The Risk, Quality, and Performance Analyst serves as the Risk, Quality, and Performance Analyst supporting an enterprise IT services contract. This role is responsible for...Minimum wageFull timeContract workTemporary workWork experience placementRemote work
- SmartBank in Knoxville, Tennessee is seeking a Mortgage Disclosure Specialist to prepare and review mortgage disclosures while ensuring compliance with TRID regulations. The role requires strong organizational and customer service skills, with a focus on accuracy in preparing...Full time
$53.92k - $67.01k
...Title: Analyst I Number of Positions: 1 Department: Application Programing Support Classification: 2 - Hybrid Pay Rate: $$53,920 - $67,010/per year. Pay will be determined based on related work experience above required. To be considered...Full timeTemporary workPart timeWork experience placementWork at office$165k - $185k
THIS POSITION IS 100% ON-SITE IN GERMANTOWN, MARYLAND. This position provides relocation support to the Germantown area. Global Engineering & Technology (GET) is seeking qualified individuals for the position of Nuclear Weapons Subject Matter Expert (SME) in ...Full timeTemporary workWork at officeRelocation package- ...Position Title: CSI Specialist Location: Knoxville Job Family: Analyst Reports to: Manager, Category & Shopper Insights Summary Supports achievement of brand goals and successful execution of brand strategies through use of syndicated data and consumer information in development...Work at office
$62.48k - $73.84k
...Transportation AnalystApplylocations: USA-TN-Knoxvilletime type: Full timeposted on: Posted Todayjob requisition id: 886275Transportation Analyst## **Job Description**You were made to create Better Care for a Better World. As a person, you’re a problem-solver – a connector –...Full timeInternshipWork at officeLocal areaImmediate startRelocation package- Chief Risk Officer (CRO) About the Company Respected banking organization Industry Banking Type Privately Held About the Role The Company is in search of a Chief Risk Officer to lead the strategic planning and oversight of its enterprise...
- Job Responsibilities Responsible for on-site and/or remote installation, implementation, maintenance, troubleshooting and/or repair of desktops, notebooks, and associated peripherals. Windows troubleshooting, diagnosing, imaging/deployment and software installation. Serves...Remote work
- ...Summary: The Contract Analyst will coordinate and administer the processing of all contracts and/or subcontracts for assigned divisions within the company from bid time through the close out of the project(s). Essential Duties and Responsibilities: ~ Reading...Contract workFor subcontractor
- ...Investigative Analyst Help As an Investigative Analyst at the GS-1805-9 level, some of your typical work assignments may include: Gathering, researching, and analyzing various types of data from federal, state, local and public agencies. Providing administrative...Local area
$75k - $100k
...Senior Analyst, Edits | Payment Integrity (Remote) CGI is seeking a results-oriented Senior Analyst to join our growing Edits team. In this pivotal role, you will be responsible for expansively growing CGI's edits library and driving measurable value by identifying...Local areaRemote work- ...Program Analyst The mission of the U.S. Department of Housing and Urban Development is to foster strong communities by supporting access to quality, affordable housing, expanding the housing supply, and unlocking homeownership opportunities for the American people....Work at officeLocal area
- ...Business Analyst (Mortgage/Lending Experience MUST) Location: Knoxville, TN (Hybrid) Duration: 12 Months (Need USC or GC) • 10 years of Business Analysis Experience. • Preparing, Facilitating, Documenting, and participating in client Meetings/Workshops conducting...
$46.4k - $110.1k
...Junior Business Analyst Category: Business Analysis (functional and technical) Main location: United States, Louisiana, Lafayette Alternate Location(s): United States, Tennessee, Knoxville Position ID: J0626-1945 Employment Type: Full Time U.S.- LFY...Full timeWork experience placementWork at officeLocal area- ...Title: Data Analyst Location: UT Federal Credit Union Corporate Headquarter (Onsite) At UT Federal Credit Union, we believe great decisions start with great data. We're seeking a Data Analytics & Business Intelligence Analyst who is passionate about transforming...
- ...professionals to deliver high‑impact solutions while contributing to outcomes that matter at a national scale. The Junior CIC Analyst supports 24x7 Command and Incident Center operations by executing routine service requests, performing basic break/fix activities,...Minimum wageFull timeContract workTemporary workWork experience placementRemote workShift workNight shift
- About Lantern Lantern is the specialty care platform connecting people with the best care when they need it most. By curating a Network of Excellence comprised of the nation's top specialists for surgery, cancer care, infusions and more, Lantern delivers excellent care...Full time
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to GRC Analyst I. Be the first to apply!


