Posted Jul 9, 2026

GRC Analyst / FedRAMP Project Manager

Apply for this Position →
Leidos Digital Solutions, Inc. (DSI) is seeking a GRC Analyst / FedRAMP Project Manager to fill a role as central point of coordination for maintaining and strengthening our FedRAMP Moderate Authorization to Operate (ATO) for our IQ product SaaS offering. In this role, you will lead the program team in documenting, validating and monitoring security control implementations to ensure ongoing FISMA and FedRAMP compliance. This role will also be responsible for leading the ongoing changes based on FedRAMP baseline improvement releases (BIR) like 20x. Primary Duties & Responsibilities: • Ensuring government and industry standards are met by managing risk, overseeing compliance, and developing security policies. • Lead readiness for evolving FedRAMP standards, including FedRAMP 20x. Manage transition to 20x by tracking program changes, identifying compliance gaps, and coordinating documentation and process updates with engineering, development and other stakeholders. • Manage continuous monitoring (ConMon), POA&Ms, annual assessments, evidence quality, and overall ATO health. • Translate regulatory and framework requirements into clear, implementable expectations. • Contribute to the development, review, and maintenance of information security policies, standards, and procedures. • Maintain awareness of emerging threats, regulatory changes, and industry best practices. • Partner with engineering, development, and business teams to support effective and practical security control implementation. • Primary driver for the continued success of an established FedRAMP program with multiple agency customers • Act as main point of contact and liaison with agencies, PMO, 3PAO, and Infrastructure provider. • Manage the comprehensive project plan, schedule, and budget for ongoing FedRAMP compliance. • Prepare, schedule, and lead annual assessment with 3PAO. • Update, review, and submit documentation and artifacts required by the security package 6 SSP, POA&M, and SAR • Guide the organization in adhering to the required FedRAMP security controls • Manage relationship with FedRAMP infrastructure provider to include tickets, regular meetings, vulnerability scanning, reporting, billing, etc. • Provide awareness to internal stakeholders relating to CIRTs and changes in the FedRAMP program • Provide support to Sales and Marketing activities such as reviewing RFPs and providing response content on Proposals for Security and Control related questions