Job Title: Compliance Analyst (GRC/RMF Focused)
Pay Type: SALARIED EXEMPT
Location: Hybrid, Washington, DC (DMV Area)
Summary of Position Role/ResponsibilitiesThe Compliance Analyst (GRC/RMF Focused) supports governance, risk, and compliance (GRC) initiatives by developing, maintaining, and managing security documentation and compliance artifacts aligned with federal standards. This role plays a key part in supporting Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts across federal and regulated environments. This role requires strong expertise in NIST SP 800-53, FISMA, and related guidance, with the ability to translate technical system configurations into clear, audit-ready documentation. The ideal candidate is detail-oriented, organized, and capable of managing multiple compliance workstreams while engaging effectively with both technical and non-technical stakeholders.
Essential Functions of the Job- Experience authoring and maintaining security documentation, including System Security Plans (SSPs), control implementation statements, policies, and procedures
- Strong knowledge of NIST SP 800-53 Moderate and High baselines and FISMA requirements
- Ability to develop documentation in accordance with Agency-specific security and compliance requirements
- Experience supporting FedRAMP and/or CMMC compliance efforts
- Working understanding of SOC 2 principles and control structures
- Hands-on experience with GRC tools
- Ability to translate technical system configurations into clear, audit-ready documentation
- Experience developing and managing POA&Ms and supporting continuous monitoring activities
- Strong understanding of NIST standards and supporting guidance (e.g., 800-60, 800-37, 800-171, 800-137)
- Ability to engage directly with customers, lead discussions, and clearly communicate requirements to both technical and non-technical stakeholders
- Strong written and verbal communication skills with a focus on clarity and professionalism
- Proven ability to manage multiple priorities and meet strict deadlines in a fast-paced environment
- High attention to detail with strong organizational and documentation management skills
- Proficiency with standard business tools (e.g., Microsoft Word, Excel, SharePoint, Teams)
- Technical proficiency with On Prem environments, Cloud environments, and associated security concepts
- Basic understanding of AI tools and ability to leverage them for documentation development (including effective prompting techniques)
- Ability to work independently while coordinating effectively across internal teams and stakeholders.
Marginal Functions of the JobNormal Work ScheduleThis is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.
Education, Training, and Experience- Bachelor's degree in Cybersecurity, Information Technology, Information Systems, or a related field.
- 3-6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated environments.
- Strong knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137).
- Experience supporting FedRAMP, CMMC, and/or SOC 2 compliance efforts.
- Hands-on experience with GRC platforms and compliance tracking tools.
- Technical understanding of on-premise and cloud environments and associated security concepts.
- Proven ability to produce audit-ready documentation and manage compliance artifacts.
- Strong written and verbal communication skills with the ability to clearly convey complex information.
- Demonstrated ability to manage multiple projects and deadlines with strong organizational skills.
- Experience working independently while coordinating across cross-functional teams.
- Must be a U.S. Citizen and eligible to support federal contracting environments.
Preferred Certifications- CISA (Certified Information Systems Auditor)
- Security+, CISSP, or similar cybersecurity certification
- FedRAMP or RMF-related training or certifications are a plus