<Back to Search
Senior GRC Analyst
Saint Paul, MNMarch 29th, 2026
Job Title: Senior GRC Analyst – DoD / CMMC / FISMAEngagement Type: Contract-to-Hire (6+ months) | Full-Time | Remote (U.S.-based)Hourly Range of $65/hour 1099 or C2CMUST BE US CITIZENRole SummaryOur Client is seeking a Senior GRC Analyst with deep, hands-on experience supporting DoD and federal compliance programs, specifically CMMC 2.0 Level 2 and FISMA within environments handling Controlled Unclassified Information (CUI).This role is responsible for executing and sustaining NIST SP 800-171 and NIST SP 800-53 control implementation, maintaining audit and certification readiness, and supporting authorization and assessment activities. The position requires close collaboration with Engineering, DevOps, Cloud, and Security teams to ensure controls are implemented, validated, and supported by audit-ready evidence.Core Skill Categories & ResponsibilitiesGovernance, Risk & Compliance (GRC)Execute and maintain CMMC 2.0 Level 2 compliance programsSupport FISMA compliance aligned to NIST SP 800-53 (Moderate baseline)Maintain System Security Plans (SSPs), POA&Ms, and control traceabilityDrive continuous monitoring (ConMon) and audit readiness initiativesSupport DoD and federal audit preparation, assessments, and certification readinessSecurity Frameworks & StandardsImplement and validate controls aligned to:NIST SP 800-171NIST SP 800-53CMMC 2.0FISMAMap controls to compliance requirements and maintain alignment across systems handling CUITechnical Security Controls (Validation & Implementation)Validate implementation of security controls across:Identity & Access Management (IAM)Logging, Monitoring, and AuditabilityEncryption (at rest and in transit)Vulnerability ManagementConfiguration ManagementIncident Response & Contingency PlanningReview and assess technical artifacts (architecture diagrams, configurations, logs)Ensure controls are properly implemented in AWS cloud environmentsCloud & DevOps CollaborationPartner with Engineering, CloudOps, and DevOps teams to implement and remediate controlsSupport cloud-native architectures and CI/CD pipeline security considerationsTranslate compliance requirements into technical solutions and configurationsRisk Management & AssessmentConduct risk assessments for systems, services, and architectural changesManage risk registers, findings, and remediation trackingPerform third-party and supply chain risk assessments aligned with DoD requirementsAudit, Authorization & Evidence ManagementProduce and maintain audit-ready documentation and evidenceSupport Authority to Operate (ATO) and federal authorization processesValidate and present evidence artifacts during audits and assessmentsCollaborate with stakeholders to remediate findings prior to government reviewRequired QualificationsExperience6+ years in GRC, cybersecurity compliance, or federal security programsHands-on experience with:CMMC 2.0 Level 2DoD environments handling CUIProven experience working directly with engineering and DevOps teamsTechnical & Compliance KnowledgeStrong knowledge of:NIST SP 800-171NIST SP 800-53FISMACMMC 2.0Experience validating technical security controls in AWSAbility to translate compliance requirements into implemented controls and evidenceTools & TechnologiesCloud platforms: AWSGRC artifacts: SSPs, POA&Ms, Risk RegistersSecurity domains: IAM, logging, encryption, vulnerability managementPreferred QualificationsCertificationsCMMC Registered Practitioner (RP)CISSP, CISM, or CISACloud Security Certifications (e.g., AWS Security, CCSP)Additional ExperienceExperience supporting CMMC assessments or readiness programsExperience with federal ATO / authorization processesFamiliarity with CI/CD pipelines and cloud-native architecturesBackground in defense, government contracting, or regulated environments
Showing 500 of 19,945 matching similar jobs
- Associate Consultant - Security and Privacy Advisor
- Remote Overnight Cybersecurity Analyst
- Remote Enterprise Network Security Specialist
- Cybersecurity Solutions Architect: IAM, CASB & EDR Lead
- Physical Security Consultant I - (Chicago/Charlotte/Dallas)
- Remote Cloud Security Architect
- MarTech Platform Architect - Workfront SpecialistDenver, COMarch 30th, 2026
- Senior Application Security Engineer
- Identity & Access Apps Developer II
- Remote IT Cybersecurity Advisor - Strategy & Risk
- Remote Application Security Engineer - Bug Bounty Programs
- SOC Leader
- Application Security Engineer
- Director, Secrets Management & Non‐Interactive Access
- Senior Zero-Trust Security Engineer
- Senior Security Engineer (Compliance & Controls)
- SBOM & Compliance Engineer
- Senior Security Engineer - Compliance & Controls (Remote)
- SOC Malware Forensics Analyst, Senior
- Ride Control System Security Engineer - Operational Technology (OT)
- Endpoint Security / PAM Engineer
- SoC DFT DV Engineer
- Principal Appian Engineer
- CNO Analyst / Engineer III (TS/SCI/FS Poly required)
- IAM Architect
- Senior DevSecOps Engineer
- SoC DFT DV Engineer
- Okta Engineer
- Principal of Security Engineering
- Principal Security Engineering
- Senior SoC Engineer
- Endpoint Engineer - Trellix
- Business Manager - Global Payment Network
- SOC Analyst - Azure
- Sr. Business Manager - Global Payment Network
- SOC Analyst - Azure
- Security Operations Center (SOC) Analyst (Part Time) - GA
- Security Operations Center (SOC) Analyst - AK
- Security Operations Center (SOC) Analyst - HI
- Security Operations Center (SOC) Analyst - GA