Compliance Analyst (GRC/RMF Focused)

Job Title: Compliance Analyst (GRC/RMF Focused)
Pay Type: Salaried, Exempt
Location: Hybrid, Washington, DC (DMV Area)

Summary of Position Role/Responsibilities

The Compliance Analyst (GRC/RMF Focused) supports governance, risk, and compliance (GRC) initiatives by developing, maintaining, and managing security documentation and compliance artifacts aligned with federal standards. This role plays a key part in supporting Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts across federal and regulated environments.

This role requires strong expertise in NIST SP 800-53, FISMA, and related guidance, with the ability to translate technical system configurations into clear, audit-ready documentation. The ideal candidate is detail-oriented, organized, and capable of managing multiple compliance workstreams while engaging effectively with both technical and non-technical stakeholders.

Essential Functions of the Job

Experience authoring and maintaining security documentation, including System Security Plans (SSPs), control implementation statements, policies, and procedures
Strong knowledge of NIST SP 800-53 Moderate and High baselines and FISMA requirements
Ability to develop documentation in accordance with Agency-specific security and compliance requirements
Experience supporting FedRAMP and/or CMMC compliance efforts
Working understanding of SOC 2 principles and control structures
Hands-on experience with GRC tools
Ability to translate technical system configurations into clear, audit-ready documentation
Experience developing and managing POA&Ms and supporting continuous monitoring activities
Strong understanding of NIST standards and supporting guidance (e.g., 800-60, 800-37, 800-171, 800-137)
Ability to engage directly with customers, lead discussions, and clearly communicate requirements to both technical and non-technical stakeholders
Strong written and verbal communication skills with a focus on clarity and professionalism
Proven ability to manage multiple priorities and meet strict deadlines in a fast-paced environment
High attention to detail with strong organizational and documentation management skills
Proficiency with standard business tools (e.g., Microsoft Word, Excel, SharePoint, Teams)
Technical proficiency with on-premises environments, cloud environments, and associated security concepts
Basic understanding of AI tools and ability to leverage them for documentation development (including effective prompting techniques)
Ability to work independently while coordinating effectively across internal teams and stakeholders

Marginal Functions of the Job

Other duties as assigned

Normal Work Schedule

This is a full-time position. Standard business hours are Monday through Friday, 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

Bachelor's degree in Cybersecurity, Information Technology, Information Systems, or a related field
3-6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated environments
Strong knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137)
Experience supporting FedRAMP, CMMC, and/or SOC 2 compliance efforts
Hands-on experience with GRC platforms and compliance tracking tools
Technical understanding of on-premises and cloud environments and associated security concepts
Proven ability to produce audit-ready documentation and manage compliance artifacts
Strong written and verbal communication skills with the ability to clearly convey complex information
Demonstrated ability to manage multiple projects and deadlines with strong organizational skills
Experience working independently while coordinating across cross-functional teams
Must be a U.S. Citizen and eligible to support federal contracting environments

Preferred Certifications

CISA (Certified Information Systems Auditor)
Security+, CISSP, or similar cybersecurity certification
FedRAMP or RMF-related training or certifications are a plus

EEO Statement