Compliance Analyst (GRC/RMF Focused)

Quzara LLC

$80K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, or related field.
  • 3-6+ years of experience in GRC, RMF, or cybersecurity compliance roles.
  • Strong knowledge of NIST SP 800-53 and FISMA.
  • Experience supporting FedRAMP, CMMC, or SOC 2 compliance efforts.
  • Hands-on experience with GRC platforms and compliance tracking tools.

Responsibilities

  • Develop and manage security documentation and compliance artifacts.
  • Support continuous monitoring and authorization efforts across federal environments.
  • Translate technical system configurations into audit-ready documents.
  • Create and maintain System Security Plans (SSPs) and policies.
  • Engage directly with technical and non-technical stakeholders to communicate requirements.

Benefits

  • Hybrid work environment in Washington, DC.
  • Standard business hours with potential for additional work outside hours.
  • Opportunity to work on federal GRC initiatives.
Full Job Description
Job Title: Compliance Analyst (GRC/RMF Focused)

Pay Type: SALARIED EXEMPT

Location: Hybrid, Washington, DC (DMV Area)

Summary of Position Role/Responsibilities

The Compliance Analyst (GRC/RMF Focused) supports governance, risk, and compliance (GRC) initiatives by developing, maintaining, and managing security documentation and compliance artifacts aligned with federal standards. This role plays a key part in supporting Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts across federal and regulated environments. This role requires strong expertise in NIST SP 800-53, FISMA, and related guidance, with the ability to translate technical system configurations into clear, audit-ready documentation. The ideal candidate is detail-oriented, organized, and capable of managing multiple compliance workstreams while engaging effectively with both technical and non-technical stakeholders.

Essential Functions of the Job

  • Experience authoring and maintaining security documentation, including System Security Plans (SSPs), control implementation statements, policies, and procedures
  • Strong knowledge of NIST SP 800-53 Moderate and High baselines and FISMA requirements
  • Ability to develop documentation in accordance with Agency-specific security and compliance requirements
  • Experience supporting FedRAMP and/or CMMC compliance efforts
  • Working understanding of SOC 2 principles and control structures
  • Hands-on experience with GRC tools
  • Ability to translate technical system configurations into clear, audit-ready documentation
  • Experience developing and managing POA&Ms and supporting continuous monitoring activities
  • Strong understanding of NIST standards and supporting guidance (e.g., 800-60, 800-37, 800-171, 800-137)
  • Ability to engage directly with customers, lead discussions, and clearly communicate requirements to both technical and non-technical stakeholders
  • Strong written and verbal communication skills with a focus on clarity and professionalism
  • Proven ability to manage multiple priorities and meet strict deadlines in a fast-paced environment
  • High attention to detail with strong organizational and documentation management skills
  • Proficiency with standard business tools (e.g., Microsoft Word, Excel, SharePoint, Teams)
  • Technical proficiency with On Prem environments, Cloud environments, and associated security concepts
  • Basic understanding of AI tools and ability to leverage them for documentation development (including effective prompting techniques)
  • Ability to work independently while coordinating effectively across internal teams and stakeholders.


Marginal Functions of the Job

  • Other duties as assigned


Normal Work Schedule

This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

  • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, or a related field.
  • 3-6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated environments.
  • Strong knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137).
  • Experience supporting FedRAMP, CMMC, and/or SOC 2 compliance efforts.
  • Hands-on experience with GRC platforms and compliance tracking tools.
  • Technical understanding of on-premise and cloud environments and associated security concepts.
  • Proven ability to produce audit-ready documentation and manage compliance artifacts.
  • Strong written and verbal communication skills with the ability to clearly convey complex information.
  • Demonstrated ability to manage multiple projects and deadlines with strong organizational skills.
  • Experience working independently while coordinating across cross-functional teams.
  • Must be a U.S. Citizen and eligible to support federal contracting environments.


Preferred Certifications

  • CISA (Certified Information Systems Auditor)
  • Security+, CISSP, or similar cybersecurity certification
  • FedRAMP or RMF-related training or certifications are a plus


Similar Jobs

More Jobs at Quzara LLC

More Information Technology Jobs

Find similar Compliance Analyst (GRC/RMF Focused) jobs: