GRC Analyst

Governance, Risk, and Compliance (GRC) Analyst – Data & Insights (D&I) Solutions Tyler Technologies is seeking a *Governance, Risk, and Compliance (GRC) Analyst* to support our Data & Insights (D&I) solutions within the Security team. This role offers an opportunity to own and evolve the compliance posture of Tyler’s D&I cloud platform, primarily focusing on sustaining and strengthening our FedRAMP Moderate Authorization to Operate (ATO) in an evolving regulatory landscape. As a central driver of audit readiness, continuous monitoring, and compliance program execution, you will partner closely with Security, Engineering, Infrastructure & Release (TIRE), Legal, Privacy, and external assessors. The fast‑paced, results‑driven environment requires strong coordination, documentation quality, and risk‑informed decision‑making to deliver secure, compliant, and resilient cloud services. Location Seattle, Washington | Remote Responsibilities Own FedRAMP Moderate authorization sustainment and audit readiness. Manage continuous monitoring (ConMon), POA&Ms, annual assessments, evidence quality, and overall ATO health. Lead readiness for evolving FedRAMP standards, including FedRAMP 2020. Track program changes, identify compliance gaps, and coordinate documentation and process updates. Serve as the primary compliance program coordinator for the D&I Security team. Partner across Security, Engineering, Infrastructure & Release (TIRE), Legal, Corporate Security and Privacy, and external assessors to deliver consistent, audit‑ready outcomes. Own FedRAMP change management and authorization boundary governance. Manage Security Impact Analyses (SIAs), Significant Change Requests and Notifications (SCRs/SCNs), authorization boundary documentation, and federal / Authorizing Official (AO) communications. Support risk‑based decision‑making. Document control exceptions, risk acceptances, and compensating controls in alignment with FedRAMP and organizational governance. Coordinate external assurance activities, including SOC2 TypeII assessments. Manage auditor engagement, evidence collection, findings tracking, and alignment with existing FedRAMP/NIST controls. Maintain the system‑of‑record for compliance documentation and artifacts. Own the System Security Plan (SSP), ConMon plan, control narratives, diagrams, and appendices to ensure accuracy, traceability, and defensibility. Drive multi‑framework compliance alignment across regulated environments. Support FedRAMP, CJIS, HIPAA, and GDPR through gap identification, baseline documentation, and evidence reuse. Plan and execute internal compliance assessments. Manage annual OWASP SAMM re‑assessments, periodic Cloud Security Assessments (AWS Well‑Architected), and internal CJIS audits to measure maturity and prevent compliance drift. Support D&I’s cloud security and Tyler’s security maturity initiatives. Manage applicable assessments and re‑assessments, and align outcomes with broader security and compliance goals. Continuously improve compliance processes and maturity. Reduce manual effort, improve evidence quality, and prepare the organization for increased automation and reporting expectations. Qualifications Soft Skills Strong organization and prioritization skills. Ability to manage continuous monitoring, POA&Ms, evidence collection, change tracking, and audit deliverables across overlapping timelines without losing accuracy. Clear, accurate written and verbal communication. Ability to document controls and evidence clearly and explain compliance requirements, risks, and decisions to engineers, auditors, customers, and non‑technical stakeholders. Collaborative, cross‑functional working style. Comfort partnering with Security, Engineering, Infrastructure, Legal, Privacy, and external assessors to drive consistent, audit‑ready outcomes. Detail‑oriented with a systems‑level perspective. Ability to track control requirements, dependencies, and boundary impacts while understanding how individual updates affect overall authorization health. Reliability and accountability. Consistently follows through on assigned work, maintains accurate records, meets deadlines, and communicates status, risks, or blockers early. Comfort working within structured frameworks and deadlines. Operate effectively within FedRAMP, NIST, SOC2, and similar frameworks, including audits, assessments, and recurring reporting cycles. Practical problem‑solving mindset. Identify gaps, inconsistencies, or risks in documentation or processes and work with others to resolve them pragmatically. Proactive learning and openness to feedback. Build expertise in FedRAMP, NIST, CJIS, HIPAA, GDPR, and regulatory requirements over time and incorporate feedback into work. Adaptability and resilience. Adjust to changing regulatory guidance, audit findings, and shifting priorities while maintaining quality and professionalism. Stakeholder‑ and trust‑focused mindset. Appreciate how strong compliance practices support customer trust, audit confidence, and long‑term platform credibility. Tools and Technologies FedRAMP Moderate compliance and authorization tooling. Use SSPs, control narratives, ConMon deliverables, POA&Ms, SARs, and maintain audit‑ready system‑of‑record documentation. NIST‑based security frameworks. Especially NIST SP800‑53 Rev.5; map controls to technical and procedural implementations, evaluate control inheritance, and support baseline tailoring across regulated environments. Experience supporting regulated compliance programs. FedRAMP Moderate, CJIS, SOC2 TypeII, HIPAA, and GDPR with emphasis on overlap analysis, evidence reuse, and consistency across frameworks. AWS cloud environments (working knowledge). IAM, CloudTrail, AWS Config, Security Hub, GuardDuty, VPC networking; assess compliance impact, authorization boundary changes, and shared responsibility considerations. Identity and access management concepts. Familiarity with NIST SP800‑63 series, IAL/AAL/FAL, federated identity models (SAML, OIDC, OAuth2.0), and privileged access management fundamentals. Security monitoring and audit evidence sources. SIEM and centralized logging platforms (e.g., Sumo Logic); evaluate alerting, log retention, and evidence quality for continuous monitoring and audit support. Vulnerability management workflows. Scanning tools (Nessus, AquaSec, Invicti, Qualys); risk rating methodologies, remediation tracking, and POA&M lifecycle management. Change management and security impact analysis processes. SIAs, SCRs/SCNs, authorization boundary documentation, and coordination of approval workflows with internal and external stakeholders. Secure development lifecycle (SDLC) and configuration management concepts. Align with NIST SA, CM, and SI control families; evaluate engineering practices, CI/CD security signals, and control effectiveness. Collaboration and documentation platforms. Confluence and Jira for compliance tracking, evidence coordination, and audit workflows; GitHub for policy versioning, evidence references, and change traceability. Basic automation and reporting skills. Spreadsheets, lightweight scripting, or GRC platform automation to improve evidence accuracy, reporting consistency, and delivery timelines. Background check and CJIS clearance. Ability to pass a federal background check and maintain CJIS clearance as required. Other Bachelor’s degree in Computer Science, Engineering, Mathematics, Information Systems, or a related field preferred. Valued certifications: CISSP, CCSP, CRISC, or CISA; cloud or identity‑focused certifications (e.g., AWS Security Specialty) are a plus. State‑Specific Salary Range Disclosure Requirements Salary will generally fall between $74,575 and $120,000 before adjustments for geographic differences. Recruiter can confirm if the position is incentive eligible. Taking Care of You & Your Family Your health and well‑being are important to us. We invest in our team by offering competitive benefits to support health and financial wellness. Learn more about how we care for our people. Equal Opportunity & Accommodation Tyler Technologies is a proud equal‑opportunity employer. All qualified applicants will receive consideration without regard to race, creed, gender, marital status, sexual orientation, citizenship status, color, religion, national origin, age, disability, protected veteran status, or any other status protected under local, state, or federal laws. If you require reasonable accommodation for any part of the application or hiring process due to a disability, please submit your request by emailing View email address on click.appcast.io or calling View phone number on click.appcast.io ext. 791008. Application Information Requisition Number: 2026‑8554 Remote: Hiring strategy: #LI‑Remote #LI‑SB1 Apply Online. #J-18808-Ljbffr