GRC Analyst – Public Sector
Company:Socure
Location:USA
Languages:English
Seniority level:Senior, 5+ years
Experience:5+ years
Skills:
AWSArtificial IntelligenceCybersecurityMachine LearningComplianceRisk Management
Requirements:
- 5+ years of cybersecurity or identity management experience, including 1+ year in the public sector.
- Direct experience with FedRAMP, GovRAMP, and NIST frameworks (800-53, 800-63, 800-171).
- Proven ability to manage continuous monitoring, vulnerability remediation, and compliance reporting.
- Experience using AI tools (e.g., ChatGPT, Glean, Gemini) and machine-readable formats (e.g., OSCAL) to automate and streamline compliance processes.
- Strong communication, organization, and collaboration skills.
- Ability to adapt to changing requirements.
- Must be a U.S. Person and able to obtain a U.S. OPM NACI clearance.
Responsibilities:
- Coordinate and execute external Third Party Assessment Organization (3PAO) assessments.
- Maintain and update FedRAMP and GovRAMP controls and documentation.
- Prepare certification and authorization packages.
- Lead continuous monitoring process including vulnerability management.
- Oversee access controls for FedRAMP environments.
- Design, implement and deliver FedRAMP training programs.
- Maintain compliance evidence repositories and audit preparation materials.
- Conduct internal reviews of logged events and control activities.
- Collaborate to design and implement AI-enabled compliance workflows.
- Support development of machine-readable compliance documentation.
- Serve as a security subject matter expert for public sector sales activities.
- Monitor new and evolving requirements and perform gap analyses.
