GRC Engineer – CMMC, FedRAMP

🕒 March 25


Workstreet

11 - 50 employees

Founded 2023

🔒 Cybersecurity

📋 Compliance

🤝 B2B


Workstreet is a managed security and compliance services provider that helps businesses automate and modernize their security programs. With expertise in compliance frameworks including SOC 2, ISO 27001, HIPAA, and GDPR, Workstreet supports companies in achieving their security and compliance outcomes efficiently. Their services include acting as a virtual Chief Information Security Officer (vCISO), full-scale penetration testing, and vendor risk management, aiming to streamline security processes while allowing businesses to focus on growth.

📋 Description

• Interpret and Apply FedRAMP Requirements: Analyze and apply NIST SP 800-53 controls, FedRAMP baselines, and agency-specific requirements to ensure client compliance.
• Develop and Maintain FedRAMP Documentation: Develop and maintain System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, and continuous monitoring artifacts.
• Conduct FedRAMP Readiness Assessments: Perform gap analyses and readiness reviews to prepare organizations for JAB or Agency ATO pathways.
• Support Authorization and Assessment Activities: Coordinate with Third-Party Assessment Organizations (3PAOs), cloud service providers, and government stakeholders throughout the FedRAMP lifecycle.
• Boundary Definition & Scoping: Perform CMMC/FedRAMP authorization boundary definition and system scoping activities.
• Support Continuous Monitoring Programs: Conduct monthly, quarterly, and annual FedRAMP continuous monitoring requirements.
• Support FedRAMP Engagements: Assist on multiple concurrent client projects.
• Support CMMC and NIST 800-171 Compliance Efforts: Assist defense contractors with interpreting CMMC 2.0 and NIST SP 800-171 controls and implementing compliant security programs.
• Develop CMMC Documentation: Contribute to SSPs, POA&Ms, and supporting artifacts required for CMMC Level 1 and Level 2 readiness.

🎯 Requirements

• Strong organizational and project management skills with the ability to manage multiple engagements concurrently
• 2+ years of experience in GRC, with exposure to FedRAMP, NIST SP 800-53, and federal compliance programs
• Working knowledge of CMMC 2.0 and NIST SP 800-171 requirements
• Experience authoring and reviewing SSPs, POA&Ms, and assessment artifacts
• Familiarity with federal cloud environments (AWS GovCloud, Azure Government, GCC High)
• Experience working with SaaS providers, federal contractors, or regulated technology organizations
• Ability to thrive in a fast-paced, consulting, or startup environment.

🏖️ Benefits

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.
