
GRC Analyst, Federal Program

Jobgether US


No Relocation

Posted: May 19, 2026


Job Description
  • This position is posted by Jobgether on behalf of a partner company. We are currently looking for a GRC Analyst, Federal Program in the United States. This role sits at the center of a fast-evolving security and compliance function, focused on enabling federal readiness across critical healthcare technology programs. You will take ownership of high-impact compliance initiatives, including CMMC certification and FedRAMP readiness, ensuring regulatory requirements are translated into actionable engineering and operational work. The position blends deep regulatory expertise with hands-on execution, requiring close collaboration with engineering, infrastructure, security, and business stakeholders. You will play a key role in defining compliance boundaries, building audit-ready documentation, and driving remediation efforts across the organization. Acting as a primary liaison with external auditors and assessors, you will help shape how federal compliance is achieved and maintained. This is a highly cross-functional, mission-driven environment where clarity, precision, and ownership directly influence organizational readiness and trust.
  • Accountabilities: In this role, you will own and support federal compliance programs, with a primary focus on CMMC certification and FedRAMP readiness, while contributing to broader GRC initiatives across frameworks such as SOC 2 and HITRUST. You will define and maintain compliance boundaries, map regulatory requirements to existing systems, and lead gap assessments aligned with federal standards.
      • Serve as a core member of the GRC team with ownership of CMMC and FedRAMP initiatives
      • Define assessment scope and maintain a defensible CMMC boundary across systems and environments
      • Perform NIST SP 800-171 mapping, gap analysis, and remediation tracking
      • Develop and maintain SSPs, POA&Ms, control narratives, and audit documentation
      • Translate compliance requirements into actionable remediation tasks for technical and non-technical teams
      • Coordinate directly with external auditors and assessors during formal evaluation cycles
      • Drive evidence collection, control implementation, and continuous monitoring activities
      • Support cross-framework compliance initiatives and organizational security maturity efforts
  • Requirements: This role requires strong hands-on experience in GRC, with deep familiarity in federal compliance frameworks and the ability to operate independently in high-accountability environments. You should be comfortable navigating both technical systems and regulatory requirements while communicating effectively across diverse stakeholders.
      • 5+ years of experience in GRC, compliance, or security roles, including 3+ years in federal frameworks (CMMC, FedRAMP, or equivalent)
      • Proven experience leading or contributing to CMMC Level 2 or FedRAMP readiness efforts
      • Strong knowledge of NIST SP 800-171 controls, CUI handling, and scoping methodologies
      • Ability to produce and maintain audit-ready documentation (SSPs, POA&Ms, gap analyses)
      • Experience working directly with external auditors or assessment bodies
      • Strong communication skills with the ability to simplify complex compliance concepts for varied audiences
      • US citizenship required and eligibility for Public Trust clearance if needed
      • Experience with GRC platforms (e.g., Drata, Vanta, Hyperproof) is a plus
  • Benefits:
      • Competitive compensation package with base salary, bonus, and equity components
      • Comprehensive health, dental, and vision insurance
      • Health Savings Account (HSA) options
      • 401(k) retirement savings plan
      • Life and disability insurance coverage
      • Flexible PTO and paid holidays
      • Remote-first work environment with flexible scheduling
      • Parental leave and family support benefits
      • Access to wellness resources, including digital mental health support
      • Equity participation in a high-growth organization
  • How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!
  • Why Apply Through Jobgether?
  • Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.
  • We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.