<Back to Search
Senior GRC Analyst
Salt Lake City, UTApril 1st, 2026
Job Title: Senior GRC Analyst – DoD / CMMC / FISMAEngagement Type: Contract-to-Hire (6+ months) | Full-Time | Remote (U.S.-based)Hourly Range of $65/hour 1099 or C2CMUST BE US CITIZENRole SummaryOur Client is seeking a Senior GRC Analyst with deep, hands-on experience supporting DoD and federal compliance programs, specifically CMMC 2.0 Level 2 and FISMA within environments handling Controlled Unclassified Information (CUI).This role is responsible for executing and sustaining NIST SP 800-171 and NIST SP 800-53 control implementation, maintaining audit and certification readiness, and supporting authorization and assessment activities. The position requires close collaboration with Engineering, DevOps, Cloud, and Security teams to ensure controls are implemented, validated, and supported by audit-ready evidence.Core Skill Categories & ResponsibilitiesGovernance, Risk & Compliance (GRC)Execute and maintain CMMC 2.0 Level 2 compliance programsSupport FISMA compliance aligned to NIST SP 800-53 (Moderate baseline)Maintain System Security Plans (SSPs), POA&Ms, and control traceabilityDrive continuous monitoring (ConMon) and audit readiness initiativesSupport DoD and federal audit preparation, assessments, and certification readinessSecurity Frameworks & StandardsImplement and validate controls aligned to:NIST SP 800-171NIST SP 800-53CMMC 2.0FISMAMap controls to compliance requirements and maintain alignment across systems handling CUITechnical Security Controls (Validation & Implementation)Validate implementation of security controls across:Identity & Access Management (IAM)Logging, Monitoring, and AuditabilityEncryption (at rest and in transit)Vulnerability ManagementConfiguration ManagementIncident Response & Contingency PlanningReview and assess technical artifacts (architecture diagrams, configurations, logs)Ensure controls are properly implemented in AWS cloud environmentsCloud & DevOps CollaborationPartner with Engineering, CloudOps, and DevOps teams to implement and remediate controlsSupport cloud-native architectures and CI/CD pipeline security considerationsTranslate compliance requirements into technical solutions and configurationsRisk Management & AssessmentConduct risk assessments for systems, services, and architectural changesManage risk registers, findings, and remediation trackingPerform third-party and supply chain risk assessments aligned with DoD requirementsAudit, Authorization & Evidence ManagementProduce and maintain audit-ready documentation and evidenceSupport Authority to Operate (ATO) and federal authorization processesValidate and present evidence artifacts during audits and assessmentsCollaborate with stakeholders to remediate findings prior to government reviewRequired QualificationsExperience6+ years in GRC, cybersecurity compliance, or federal security programsHands-on experience with:CMMC 2.0 Level 2DoD environments handling CUIProven experience working directly with engineering and DevOps teamsTechnical & Compliance KnowledgeStrong knowledge of:NIST SP 800-171NIST SP 800-53FISMACMMC 2.0Experience validating technical security controls in AWSAbility to translate compliance requirements into implemented controls and evidenceTools & TechnologiesCloud platforms: AWSGRC artifacts: SSPs, POA&Ms, Risk RegistersSecurity domains: IAM, logging, encryption, vulnerability managementPreferred QualificationsCertificationsCMMC Registered Practitioner (RP)CISSP, CISM, or CISACloud Security Certifications (e.g., AWS Security, CCSP)Additional ExperienceExperience supporting CMMC assessments or readiness programsExperience with federal ATO / authorization processesFamiliarity with CI/CD pipelines and cloud-native architecturesBackground in defense, government contracting, or regulated environments
Showing all 149 matching similar jobs
- Senior Associate, Security Governance, Risk and Compliance (SoQC)
- Principal - Microsoft Business Applications
- Principal HCM Functional Consultant
- Loss Mitigation Specialist
- Remote: Global Network Services Leader & Architect
- Network Engineer, Managed IT
- Business System Analyst III - Salesforce Business Systems Analyst - Remote
- Business Analyst
- Security Officer - Hilton Salt Lake City Center
- Corporate Security Specialist [80865]
- Operations Manager
- Remote Solutions Architect - Automation & Digitalization
- Senior Technical Account Manager
- Aerostructures Technical Lead - Tooling & Automation
- Cloud Platform Engineering Manager (Kubernetes & Azure)
- SAP Tax Integration Alliance Exec (Associate Director)
- Cyber Systems Auditor
- Junior IAM Technician: AD & ServiceNow Specialist
- Upmarket Solutions Engineer
- Engineering Manager, Blockchain Platform
- Modern Workplace Engineer
- Engineering Manager, Build Platform
- Sr Manager, EHS Systems
- AWM - Operations - PWM Ops Control and Risk Mgmt - Analyst
- Technical Sales Specialist
- Systems Administrator
- Senior Cerner Integration Analyst (HL7)
- Epic Radiant Analyst
- Account Executive - Identity Security Vendor
- Gemini Enterprise SME
- Business Analyst
- Clinical Operations Consultant
- Database AdministratorSalt Lake City, UTApril 1st, 2026
- Endur ETRM Business Consultants (all levels) - Greenfield & Upgrade Projects - $150-275k Base
- Business Analyst (BA)
- Meditech Anayst- ORM/SUR
- SAP Operations ManagerSalt Lake City, UTApril 1st, 2026
- Microsoft Office 365 Engineer
- Solutions Architect