GRC Analyst, Federal Programs

🕒 May 18

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Sword Health

WebsiteLinkedInAll Job Openings

201 - 500 employees

Founded 2015

⚕️ Healthcare Insurance

🤖 Artificial Intelligence

🧘 Wellness

Healthcare Insurance • Artificial Intelligence • Wellness

Sword Health is a digital health company that combines artificial intelligence with clinical expertise to provide world-class care for muscle, joint, and pelvic health conditions. By offering digital physical therapy and AI-driven care, Sword helps individuals recover from physical ailments from the comfort of their own home, avoiding surgeries and reducing the need for medications. The company provides employers, health plans, and individuals with personalized treatment plans that are cost-effective and have proven outcomes in pain reduction and improved productivity. Sword Health is dedicated to expanding access to high-quality care and ensuring health equity across global communities.

📋 Description

• Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs; • Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible; • Map NIST SP 800-171 practices to Sword's current environment and produce a clear, evidence-based gap analysis; • Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers; • Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment; • Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments; • Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring; • Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of Sword's broader GRC program.

🎯 Requirements

• 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP; • Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort; • Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements; • Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision; • Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams; • Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments; • US citizenship required; • Ability to obtain a federal Public Trust designation if required by a sponsoring agency. • **What we would love to see** • CMMC Certified Professional (CCP) credential, or active pursuit of it; • CMMC Certified Assessor (CCA) credential; • Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO processes; • Background in defense contracting or regulated health tech environments; • Experience working across multiple compliance frameworks simultaneously (HITRUST, SOC 2, ISO 27001); • Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta.

🏖️ Benefits

• Comprehensive health, dental and vision insurance* • Life and AD&D Insurance* • Financial advisory services* • Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)* • Health Savings Account* • Equity shares* • Discretionary PTO plan* • Parental leave* • 401(k) • Flexible working hours • Remote-first company • Paid company holidays • Free digital therapist for you and your family