Note: The job is a remote job and is open to candidates in USA. Onebrief is a company that builds collaboration and AI-powered workflow software for military planning and operational coordination. The Corporate Governance, Risk, and Compliance Analyst role involves ensuring compliance with various frameworks, maintaining audit evidence, and automating control testing to enhance operational efficiency across federal and corporate environments.
Responsibilities
- Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems
- Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings
- Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows, not bolt them on afterward
- Coordinate internal assessments and external audit readiness across all applicable frameworks
- Track regulatory and contractual changes and advise leadership on what they mean for Onebrief
- Run risk assessments and vendor/supply chain risk reviews across both federal and corporate environments
Skills
- U.S. Citizen
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
- 8+ years in cybersecurity compliance
- Hands-on expertise with RMF and at least one of CMMC 2.0 or SOC 2
- One or more of the following certifications: CISSP, CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA, CISA, ISSEP, GSLC, or GSNA
- Experience with GRC platforms, including automated evidence collection and testing (eMASS experience a plus)
- Experience in DoD environments and compliance frameworks (RMF, ICD 503)
- Familiarity with agency-specific overlays (DoD, DHS, or civilian agencies)
- Experience working with 3PAOs, Security Control Assessors, federal customers, or SOC 2 auditors
- Familiarity with cloud security standards (FedRAMP, ISO 27001, NIST 800-171, DoD Cloud Computing SRG)
Benefits
- Offers Equity
Company Overview