Senior GRC Analyst – NIST, GovRAMP, FedRAMP

Job not on LinkedIn

🕒 May 22

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Career TEAM

Career TEAM

201 - 500 employees

Founded 1996

🤝 B2B

📚 Education

🤝 Non-profit

B2B • Education • Non-profit

Career TEAM is a workforce services provider that focuses on addressing complex social challenges such as reducing unemployment and eradicating poverty. They utilize both high-touch and high-tech solutions, including their innovative software, Career EDGE, to enhance career services and support job seekers across the United States. With over 1 million job seekers served, Career TEAM partners with government organizations and workforce development boards to deliver case management, training, and business services, helping people find meaningful employment and advance in their careers.

📋 Description

• Maintain and continuously improve the System Security Plan (SSP), policies, procedures, and standards aligned to NIST 800-53 and SOC 2. • Own the Plan of Action and Milestones (POA&M) lifecycle: tracking, aging, remediation evidence, and monthly continuous monitoring deliverables. • Manage the control evidence catalog—what evidence exists, where it lives, when it was last refreshed, and what's coming up for renewal. • Coordinate with the U.S. security team and 3PAOs to support GovRAMP, FedRAMP, and state-level (TX-RAMP, ) authorization and continuous monitoring activities. • Run our third-party risk management program end-to-end: security questionnaires, due diligence, contract review, recurring reassessments. • Maintain the enterprise risk register, facilitate risk acceptance decisions, and translate technical risk into business language for executives. • Administer subcontractor flow-down obligations and PII safeguarding certifications across all relevant agreements. • Track contractual security obligations across state customer contracts and ensure we meet every commitment on schedule. • Maintain and version-control our policy library—written in plain English, not boilerplate. • Run our security awareness training program, phishing simulations, and Rules of Behavior administration. • Author tabletop exercise scenarios, facilitate exercises, and produce after-action reports with concrete remediation owners. • Partner with HR and IT on onboarding and offboarding security checklists, access reviews, and acceptable use enforcement.

🎯 Requirements

• Located in the Philippines with night shift work hours (to overlap with U.S. team). • 7+ years of hands-on GRC experience, with at least 3 years dedicated to FedRAMP, GovRAMP, StateRAMP, TX-RAMP, or CMMC programs at a SaaS company. • Demonstrated track record authoring SSPs, POA&Ms, and continuous monitoring deliverables for a successful authorization—not just contributing to someone else's work. • Deep working knowledge of NIST 800-53, NIST 800-171, FIPS 199/200, SOC 2 (Type II), and the practical realities of audit evidence collection. • Self-starter who can walk into an existing program, identify what needs to mature, and deliver without daily direction. You'll know you're a fit if "figure it out and make it better" sounds like a feature, not a bug. • Exceptional written English—your documents will be read by state auditors, executives, and 3PAOs. • Experience running a third-party risk management program and managing vendor security reviews at volume. • Bachelor's degree in Cybersecurity, Information Systems, or a related field; relevant certifications (CISSP, CISA, CRISC, CGRC/CAP, ISO 27001 Lead Implementer) are a strong plus. • Bonus: experience with GRC tooling (Drata, Vanta, Hyperproof, ServiceNow GRC) and prior work with U.S. state government customers.

🏖️ Benefits

• A senior individual contributor with real ownership over a defined portion of our GRC program. • Maturing the documentation backbone (SSPs, policies, POA&Ms, risk register, vendor program) that powers our GovRAMP, FedRAMP, and state authorization efforts. • Working on a product that directly helps thousands of individuals access workforce and educational services. • Partnering directly with security leadership, engineering, and executive stakeholders—no layers, no hand-holding. • Driving continuous improvement of policies, controls, and evidence collection across the organization. • Enjoy a fully remote work environment.

Apply Now

Similar Jobs

🕒 May 19

ISG

1001 - 5000

⚕️ Healthcare Insurance

SOC 2 & Compliance Manager managing IT audit and assurance engagements for clients. Leading compliance assessments and collaborating with global teams, ensuring high-quality service delivery.

🕒 May 15

BEL USA LLC

1001 - 5000

🤝 B2B

🛍️ eCommerce

Product Compliance Manager leading and managing regulatory compliance across BEL USA’s promotional product portfolio. Ensures all products meet safety, chemical, labeling, and marketplace requirements.

🕒 April 10

NightOwl Consulting

51 - 200

🤝 B2B

🎯 Recruiter

☁️ SaaS

Operations & Compliance Assistant in a remote role focusing on vendor management and social media compliance. Responsibilities include organizing data and removing administrative workload from leadership.

🕒 April 1

C9

11 - 50

👥 HR Tech

💳 Fintech

🤝 B2B

Join C9 Staff as a Brand Compliance & Publisher Operations Coordinator. Ensuring advertising compliance and seamless publisher operations through detail-oriented mindset and organizational skills.

🕒 March 31

NightOwl Consulting

51 - 200

🤝 B2B

🎯 Recruiter

☁️ SaaS

Compliance & Licensing Officer overseeing regulatory obligations and ensuring compliance in lending operations for Realfinity Mortgage. Managing state licenses and staying ahead of regulatory changes.