Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

GRC Analyst, Federal & Customer Programs

$189k - $225k

Spire

The GRC Analyst, Federal & Customer Programs is responsible for the hands‑on analysis, documentation, and operational execution of the company's security governance, risk, and compliance obligations. This role sits at the intersection of customer contracts, regulatory frameworks, and the company's security control environment — translating external requirements into clear, traceable internal commitments and evaluating how well current capabilities satisfy them. A meaningful portion of this role is dedicated to ongoing contract and requirements analysis as new programs are awarded and existing programs evolve. The GRC Analyst serves as the security function's primary reviewer of incoming contractual cybersecurity language and works directly with legal and sourcing on flow‑down negotiation and redlines. This is a detail‑oriented, writing‑intensive role requiring strong analytical judgment, fluency across multiple compliance frameworks, and the ability to work effectively with legal, sourcing, program management, engineering, and security operations stakeholders. Key Responsibilities Contract & Requirements Analysis Review customer contracts, statements of work, security annexes, CDRLs, data protection addenda, and flow‑down clauses to identify cybersecurity, privacy, and information handling obligations applicable to the company. Extract and catalog specific security requirements from contractual language, and translate them into structured, testable statements suitable for traceability and control mapping. Compare identified requirements against the company's current product scope, control environment, and certification posture to determine where compliance is already met, partially met, or requires new implementation work. Produce gap analyses, compliance matrices, and Requirements Traceability Matrix (RTM) artifacts that clearly communicate the state of compliance for a given contract, program, or system. Serve as the security function's primary point of contact for legal and sourcing during contract review, redline cycles, and flow‑down negotiation, including review of subcontractor and supplier flow‑down language. Framework Mapping & Interpretation Maintain working proficiency across the frameworks relevant to the company's regulatory and contractual posture, including NIST SP 800-171, NIST SP 800-53, NIST CSF, CMMC, ISO 27001, FedRAMP, and applicable European frameworks such as NIS2 and GDPR. Map controls across frameworks to minimize duplicated work and enable consistent responses to overlapping requirements; contribute to a shared control inventory used by compliance, security, and program teams. Interpret framework language and authoritative guidance (NIST publications, DoD guidance, regulator FAQs) in the context of specific company systems and business scenarios and elevate ambiguity for formal risk decisions when appropriate. Governance, Policy & ISMS Support Contribute to the maintenance of the company's Information Security Management System (ISMS) documentation set, including keeping control descriptions, evidence references, and scope statements accurate and current. Support the policy and standard lifecycle, including periodic review cycles, version control, exception governance, and clarification of control owner accountability. Produce compliance posture reporting and audit readiness metrics for governance forums and leadership review, including framework coverage, finding aging, and remediation progress. Draft and revise compliance deliverables including System Security Plans (SSP), Plans of Action & Milestones (POA&M), policy and standard content, control narratives, customer security questionnaire responses, and audit artifacts. Author clear, concise written responses to customer, auditor, and regulator inquiries, calibrated to the technical level of the audience and consistent with approved company positioning. Own the operational risk assessment process and the supporting risk register, including conducting periodic and event‑driven risk assessments, documenting current state, identifying deficiencies, and developing risk treatment recommendations. Route risk acceptance and exception decisions to the appropriate decision authority with the underlying analysis and documentation prepared for review; track decisions and ensure follow‑through on conditions or expirations. Track open compliance findings and remediation activities, prepare status updates, and flag aging or high‑severity items for escalation. Third‑Party & Supply Chain Risk Contribute to vendor and supplier security review activities, including evaluating vendor security questionnaires, reviewing supplier control attestations, and assessing residual risk for inclusion in procurement and program decisions. Support assessment of subcontractor and supplier flow‑down compliance, including coordinating with sourcing and program management on supplier security obligations and remediation. Audit & Assessment Support Support internal and external audit, assessment, and certification activities, including C3PAO engagements, ISO 27001 surveillance audits, customer assessments, and regulator inquiries. Coordinate evidence collection with system owners and control operators; validate that evidence is accurate, complete, and appropriately scoped before submission. Participate in assessor and auditor interviews as a subject‑matter contributor on specific controls and artifacts. Cross‑Functional Collaboration Partner with legal and sourcing on contract review, redlines, and flow‑down language; with security program management on milestones, schedules, and audit coordination; and with security engineering and IT on evidence, control implementation detail, and remediation planning. Serve as a knowledgeable point of contact for internal teams seeking to understand what a given regulatory or contractual requirement means in practice. What Success Looks Like in Year One Established a repeatable contract review intake process with legal and sourcing, including a maintained library of standard cybersecurity flow‑down clauses and review turnaround expectations. Produced an end‑to‑end Requirements Traceability Matrix for at least one active federal program, traceable from contract clauses through framework controls to evidence sources. Stood up the operational risk register and routine risk reporting cadence, with at least one full assessment cycle completed and risk treatment decisions documented. Maintained the ISMS documentation set in audit‑ready condition through at least one external assessment or surveillance cycle. Required Qualifications Five or more years of progressive experience in cybersecurity governance, risk, and compliance; IT audit; or a closely related discipline, with substantial hands‑on exposure to framework interpretation and contract requirement analysis. Demonstrated working knowledge of NIST SP 800-171 and NIST SP 800-53, including control families, assessment procedures, and common implementation patterns. Experience contributing to SSP and POA&M artifacts, compliance matrices, or Requirements Traceability Matrices in a regulated environment. Practical experience supporting at least one formal audit, certification, or assessment cycle (for example CMMC, ISO 27001, SOC 2, FedRAMP, or comparable). Strong technical writing skills, including the ability to produce accurate, concise, and audience‑appropriate compliance documentation. Writing samples may be requested as part of the interview process. Demonstrated comfort and interest in reading contractual and regulatory language carefully and translating it into specific, actionable internal requirements. This is a core part of the role, not an occasional task. Comfort working across multiple stakeholder groups — legal, sourcing, engineering, IT, security operations, and program management — and adjusting communication style accordingly. Bachelor's degree in Information Security, Information Systems, Business, a related field, or equivalent practical experience. Preferred Qualifications Direct experience with CMMC 2.0 assessment preparation, including familiarity with DFARS View phone number on click.appcast.io and 48 CFR Part 204. Familiarity with ISO 27001, FedRAMP, SOC 2, NIS2, GDPR data security obligations, or EU dual‑use export control regimes. Experience handling Controlled Unclassified Information (CUI) in accordance with NARA and DoD requirements. Exposure to aerospace, defense, space, or other regulated technology environments. Experience reviewing or negotiating cybersecurity flow‑down language in customer or supplier contracts. Working familiarity with Governance, Risk, and Compliance (GRC) tooling such as ServiceNow GRC, Archer, Hyperproof, Drata, Vanta, or equivalent. Industry certifications such as CISA, CRISC, CISSP, CGRC, ISO 27001 Lead Implementer / Lead Auditor, CMMC Registered Practitioner (RP), or CMMC Certified Professional / Certified Assessor (CCA). Active US security clearance, or eligibility to obtain one. Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office. Access to US export‑controlled software and/or technology may be required for this role. If needed, Spire will arrange the necessary licenses—this is not something candidates need to have before applying. Salary Range

$189,000 — $225,000 USD

Equal Employment Opportunity Statement Spire is global and our success draws upon the diverse viewpoints, skills and experiences of our employees. We are proud to be an equal opportunity employer and are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or veteran status. To help maintain a safe and secure workplace for Spire employees, all candidates who receive a conditional offer will be required to complete a background check. This may include criminal history and employment verification. #J-18808-Ljbffr Spire

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the GRC Analyst, Federal & Customer Programs in Washington DC vacancy
  • $69k - $104k

     ...candidates for future hiring needs on the program once awarded. At AIS, we are dedicated...  ...to join AIS as a Associate Program Analyst.As your initial project assignment, you...  ...Analyst. Project Summary AIS supports a Federal customer providing program and administrative support... 
    Customer
    Contract work

    Applied Information Sciences, Inc.

    Washington DC
    3 days ago
  •  ...seeks an ACE investigator to generate and pursue investigations into fraud across healthcare, contracting, and grants within federal programs. The role involves collaborating with ACE attorneys and agency personnel, analyzing large datasets, and preparing detailed progress... 
    Suggested

    Jobtailor

    Washington DC
    4 days ago
  • Crowned Grace International seeks a seasoned Program Manager to oversee critical procurement activities for Federal clients. With a requirement of over 10 years in program management within federal contexts, the role centers on expertise in Federal Records Management and... 
    Suggested

    Crowned Grace International

    Washington DC
    3 days ago
  • Humane World for Animals, a global leader in animal advocacy and protection, is seeking a Program Manager, Regulatory, Federal Affairs. In this position you will encourage the development, implementation and proper enforcement of regulations designed to bolster animal... 
    Suggested
    Remote work
    Flexible hours

    Alaska Department of Law

    Washington DC
    2 days ago
  • BLUMEPROT+ technology is seeking a Program Manager in Washington, DC, to manage a critical federal financial operations program. The PM will be the primary contact for Client stakeholders, responsible for the execution of the program, team management, and ensuring quality... 
    Suggested

    BLUMEPROT+ technology

    Washington DC
    2 days ago
  •  ...important component it's people ; "Love Thy Customer; Love Thy Work; Love Thy System"...  ...Associates (BMA) is seeking a Program Analyst to work to support agency and the management...  ...orientation in accordance with applicable federal, state and local laws. BMA complies... 
    Customer
    For contractors
    Local area

    Business Management Associates, Inc.

    Washington DC
    24 days ago
  • One Federal Solution (OFS) seeks a highly analytical Program Analyst to provide strategic program management, operational analysis, and executive-level support for complex, mission-critical initiatives within a federal environment. The successful candidate will advise... 

    One Federal Solution

    Washington DC
    2 days ago
  • A federal support services company is seeking a Program Analyst to provide administrative and programmatic support for a government contract. This on-site role in Washington, DC, requires strong organizational and analytical skills to coordinate activities and ensure effective... 
    Contract work

    BLH Technologies, Inc

    Washington DC
    5 days ago
  • BLH Technologies, Inc., is hiring a Program Analyst to deliver on-site administrative and programmatic support for a federal contract with HHS. The role involves coordinating activities, supporting grant operations, and ensuring documentation quality. Ideal candidates... 
    Contract work

    BLH Technologies, Inc.

    Washington DC
    3 days ago
  • mPower is seeking a Senior Program Analyst to support a federal client in advancing program operations, policy implementation, and organizational effectiveness. This highly visible role serves as a strategic resource to client leadership by strengthening business processes... 

    Medium

    Bethesda, MD
    3 days ago
  • $35 - $38 per hour

    One Federal Solution is looking for a Senior Program Analyst to support the United States Marshals Service. This role involves providing analytical, operational, and program management support, including program analysis and reporting. Applicants should possess a Bachelor... 
    Hourly pay

    One Federal Solution

    Arlington, VA
    2 days ago
  • A government contracting firm is seeking a Senior Program Analyst Level 4 to support federal clients in Washington, DC. The role demands expertise in recruiting, budgeting, and ensuring organizational success through effective process implementation. Candidates must possess... 

    Prescient Edge

    Washington DC
    4 days ago
  • mPower, Inc. is seeking a Senior Program Analyst to support a federal client in advancing program operations, policy implementation, and organizational effectiveness. This role serves as a strategic resource to client leadership, strengthening business processes and supporting... 

    mPower, Inc.

    Bethesda, MD
    4 days ago
  • A decision analytics company in Arlington, VA, is seeking a Program Analyst with expertise in financial and cost analysis to support federal programs. The role requires a bachelor's degree in a quantitative field and involves responsibilities such as budget execution,... 

    Technomics, Inc.

    Arlington, VA
    2 days ago
  • AvantGarde, LLC in the Washington, DC area seeks a Program Analyst IV to support proposal-based professional services in a federal setting. The role provides senior-level analytical, operational, and program management support across complex initiatives and priorities,... 
    Remote work

    Hirebridge

    Washington DC
    2 days ago
  • Applied Information Sciences seeks an Associate Program Analyst to provide program analysis support to a federal client on a proposal-based basis. Employment is contingent upon contract award and funding. The role involves analyzing fraud complaints, data review, and supporting... 
    Contract work

    AIS (Applied Information Sciences)

    Washington DC
    2 days ago
  • Ibility LLC, located in Washington, DC, is seeking a remote Senior Program Analyst to support the Department of Veterans Affairs in deploying...  ...Financials. This role emphasizes program management within a federal environment using Scaled Agile Framework (SAFe). The ideal... 
    Remote job

    Ibility LLC

    Washington DC
    2 days ago
  • Chevo is seeking a Senior Management Analyst - Federal Programs to support the ICE SEVP Fee Management Support team. The role offers a hybrid work environment with a client site in Vienna, VA and requires experience in fee funded organizations. Responsibilities include... 

    Chevo Consulting

    Washington DC
    1 day ago
  •  ...in Bethesda, MD seeks a visionary Vice President of Programs to lead a diverse portfolio of federal contracts delivering professional services, technology...  ...modernization, manage multi-million budgets, and foster growth while ensuring compliance and customer #J-18808-Ljbffr ISN
    Customer

    ISN

    Bethesda, MD
    2 days ago
  • A defense technology company based in Washington is looking for a Program Manager to lead strategic engagements with federal customers such as the Department of Defense and NASA. This role requires strong program management and customer relationship skills, alongside a... 
    Customer

    Nominal

    Washington DC
    5 days ago
  • Ll Oefentherapie in Arlington, Virginia is seeking a Federal Business Analyst to lead program activities aimed at process optimization and data analysis. Ideal candidates will possess a solid understanding of federal contracting rules and be experienced in cross-functional... 

    Ll Oefentherapie

    Arlington, VA
    1 day ago
  • $130k - $180k

     ...privacy. At Virtru, we equip our customers to take granular control of...  ...edge security compliance program aligned with FedRAMP, SOC 2,...  ...performant service. As a GRC Analyst at Virtru, you will be the primary...  ...protected by applicable national, federal, state, or local law.... 
    Customer
    Remote job
    Local area
    Flexible hours
    Shift work

    Virtru

    Washington DC
    more than 2 months ago
  •  ...mission results. With capabilities in management consulting, program management, strategic planning, data analysis, human capital,...  ...live in the Washington, DC area at time of employment. Business Analyst (Federal Programs) Responsibilities Expertise in requirements... 
    Contract work
    Live in
    Work at office
    Remote work
    Flexible hours

    Arc Aspicio

    Washington DC
    4 days ago
  • Axiologic Solutions LLC in Northern VA seeks a Program Manager to lead IT program management for key federal clients, ensuring timely, high-quality deliverables...  ...COTR, and GTMs, manage staff, and maintain strong customer engagement. Ideal candidates hold an active TS/... 
    Customer

    RPMGlobal

    Washington DC
    17 hours ago
  • Description Job Title: Federal Student Aid Regulatory Case Analyst Department: Operations - Services Reports To: RavenTek Program Manager Location: Remote Schedule: Monday - Friday Hours...  ...RavenTek’s mission to support the customer. Requirements Essential Duties and Responsibilities... 
    Customer
    Hourly pay
    Full time
    Contract work
    Work experience placement
    Work at office
    Remote work
    Home office
    Monday to Friday

    Raventek Solution Partners LLC

    Washington DC
    1 day ago
  • Cyberdata Technologies, Inc. is seeking a senior Program Manager in Bethesda, Maryland, to oversee the delivery of a federal information security support services program....  ...with federal cybersecurity standards and customer policies. Ideal candidates will have prior experience... 
    Customer

    Cyberdata Technologies, Inc.

    Bethesda, MD
    4 days ago
  • $80k

     ...Tech AMT is looking for an Journeyman Program Analyst Primary job duties and responsibilities...  ...Outlook and Teams Experience working in a customer facing position and must have strong...  ...protected by law. Tetra Tech is a VEVRAA federal contractor and we request priority... 
    Customer
    For contractors
    Work at office

    Tetra Tech

    Washington DC
    1 day ago
  •  ...in the United States seeks a Contractor Program Manager to lead enterprise cybersecurity...  ...staffing, deliverables, schedules, and customer communications while managing risks and...  ...years of program management experience in federal cybersecurity environments, strong leadership... 
    Customer
    Contract work
    For contractors

    Truezerotech

    Washington DC
    2 days ago
  •  ...Overview Program Analyst II LOCATION: Washington, DC JOB STATUS: Full-time CLEARANCE: Ability...  ...for a Program Analyst II to support the Federal Aviation Administration - PSS Contract....  ...interpersonal skills to interact with customers, senior‑level personnel, and team members... 
    Customer
    Full time
    Contract work
    Work at office
    Immediate start
    Shift work

    ASTRION, INC.

    Washington DC
    15 hours ago
  • ECS is seeking a cleared Deputy Program Manager in Washington, DC to lead day-to-day delivery...  ...should have a minimum of 7 years of federal IT project/program support experience,...  ...involves operational management and ensures high-quality customer support. #J-18808-Ljbffr ECS
    Customer

    ECS

    Washington DC
    4 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to GRC Analyst, Federal & Customer Programs. Be the first to apply!