GRC Engineer – CMMC, FedRAMP

Job Description:

• Interpret and Apply FedRAMP Requirements: Analyze and apply NIST SP 800-53 controls, FedRAMP baselines, and agency-specific requirements to ensure client compliance.
• Develop and Maintain FedRAMP Documentation: Develop and maintain System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, and continuous monitoring artifacts.
• Conduct FedRAMP Readiness Assessments: Perform gap analyses and readiness reviews to prepare organizations for JAB or Agency ATO pathways.
• Support Authorization and Assessment Activities: Coordinate with Third-Party Assessment Organizations (3PAOs), cloud service providers, and government stakeholders throughout the FedRAMP lifecycle.
• Boundary Definition & Scoping: Perform CMMC/FedRAMP authorization boundary definition and system scoping activities.
• Support Continuous Monitoring Programs: Conduct monthly, quarterly, and annual FedRAMP continuous monitoring requirements.
• Support FedRAMP Engagements: Assist on multiple concurrent client projects.
• Support CMMC and NIST 800-171 Compliance Efforts: Assist defense contractors with interpreting CMMC 2.0 and NIST SP 800-171 controls and implementing compliant security programs.
• Develop CMMC Documentation: Contribute to SSPs, POA&Ms, and supporting artifacts required for CMMC Level 1 and Level 2 readiness.

Requirements:

• Strong organizational and project management skills with the ability to manage multiple engagements concurrently
• 2+ years of experience in GRC, with exposure to FedRAMP, NIST SP 800-53, and federal compliance programs
• Working knowledge of CMMC 2.0 and NIST SP 800-171 requirements
• Experience authoring and reviewing SSPs, POA&Ms, and assessment artifacts
• Familiarity with federal cloud environments (AWS GovCloud, Azure Government, GCC High)
• Experience working with SaaS providers, federal contractors, or regulated technology organizations
• Ability to thrive in a fast-paced, consulting, or startup environment.

Benefits:

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

Apply tot his job Apply To this Job