Compliance Analyst (GRC/RMF Focused)

Job Description

Job Description

Job Title: Compliance Analyst (GRC/RMF Focused)

Pay Type : SALARIED EXEMPT

Location: Hybrid, Washington, DC (DMV Area)

Summary of Position Role/Responsibilities

The Compliance Analyst (GRC/RMF Focused) supports governance, risk, and compliance (GRC) initiatives by developing, maintaining, and managing security documentation and compliance artifacts aligned with federal standards. This role plays a key part in supporting Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts across federal and regulated environments. This role requires strong expertise in NIST SP 800-53, FISMA, and related guidance, with the ability to translate technical system configurations into clear, audit-ready documentation. The ideal candidate is detail-oriented, organized, and capable of managing multiple compliance workstreams while engaging effectively with both technical and non-technical stakeholders.

Essential Functions of the Job

• Experience authoring and maintaining security documentation, including System Security Plans (SSPs), control implementation statements, policies, and procedures
• Strong knowledge of NIST SP 800-53 Moderate and High baselines and FISMA requirements
• Ability to develop documentation in accordance with Agency-specific security and compliance requirements
• Experience supporting FedRAMP and/or CMMC compliance efforts
• Working understanding of SOC 2 principles and control structures
• Hands-on experience with GRC tools
• Ability to translate technical system configurations into clear, audit-ready documentation
• Experience developing and managing POA&Ms and supporting continuous monitoring activities
• Strong understanding of NIST standards and supporting guidance (e.g., 800-60, 800-37, 800-171, 800-137)
• Ability to engage directly with customers, lead discussions, and clearly communicate requirements to both technical and non-technical stakeholders
• Strong written and verbal communication skills with a focus on clarity and professionalism
• Proven ability to manage multiple priorities and meet strict deadlines in a fast-paced environment
• High attention to detail with strong organizational and documentation management skills
• Proficiency with standard business tools (e.g., Microsoft Word, Excel, SharePoint, Teams)
• Technical proficiency with On Prem environments, Cloud environments, and associated security concepts
• Basic understanding of AI tools and ability to leverage them for documentation development (including effective prompting techniques)
• Ability to work independently while coordinating effectively across internal teams and stakeholders.

Marginal Functions of the Job

• Other duties as assigned

Normal Work Schedule

This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

• Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, or a related field.
• 3–6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated environments.
• Strong knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137).
• Experience supporting FedRAMP, CMMC, and/or SOC 2 compliance efforts.
• Hands-on experience with GRC platforms and compliance tracking tools.
• Technical understanding of on-premise and cloud environments and associated security concepts.
• Proven ability to produce audit-ready documentation and manage compliance artifacts.
• Strong written and verbal communication skills with the ability to clearly convey complex information.
• Demonstrated ability to manage multiple projects and deadlines with strong organizational skills.
• Experience working independently while coordinating across cross-functional teams.
• Must be a U.S. Citizen and eligible to support federal contracting environments.

Preferred Certifications

• CISA (Certified Information Systems Auditor)
• Security+, CISSP, or similar cybersecurity certification
• FedRAMP or RMF-related training or certifications are a plus

EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.