The Opportunity
We are seeking a Sr. GRC Engineer (Government) who is highly motivated, detail-oriented, and experienced with these compliance frameworks. The ideal candidate will have strong communication skills, proven ability to manage multiple projects, and experience leading or mentoring a small team.
What You'll Do
Client Relationship Management (Primary Focus)
• Guide Clients Through Federal Authorization Processes: Lead clients through NIST SP 800-53 and FedRAMP compliance initiatives, providing proactive communication, clear milestone guidance, and hands-on support throughout the Assessment and Authorization (A&A) lifecycle.
• Collaborate Closely with Clients: Partner directly with organizations pursuing federal authorizations to understand their environment, identify security gaps, and drive progress toward achieving and maintaining compliance.
• Be a Trusted Compliance Advisor: Deliver expert guidance on NIST SP 800-53, FedRAMP requirements, and federal cybersecurity standards in a way that is accessible, actionable, and aligned with each client's unique operational environment.
Team Leadership
• Lead and Mentor a Compliance Team: Provide direction, feedback, and professional development support to a small team of compliance professionals, maintaining quality standards and accountability across client engagements.
• Drive Consistent Delivery: Manage and coordinate multiple NIST SP 800-53 and FedRAMP compliance projects across various clients, ensuring milestones and deliverables are met ahead of authorization deadlines.
NIST 800-53 & FedRAMP Compliance Execution
• Interpret and Apply Security Controls: Analyze and interpret NIST SP 800-53 security and privacy controls and control baselines to ensure client compliance with federal cybersecurity standards.
• Develop and Maintain Authorization Documentation: Create, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other authorization documentation required for NIST SP 800-53 and FedRAMP.
• Conduct Gap Assessments: Perform readiness reviews to identify and address control deficiencies for organizations pursuing an Authorization to Operate (ATO) or FedRAMP authorization.
• Support Assessment Activities: Guide clients through the Assessment and Authorization (A&A) process and coordinate with Third-Party Assessment Organizations (3PAOs) and independent assessors.
• Collaborate on Remediation Efforts: Work closely with clients to identify and remediate gaps in their security programs to meet NIST SP 800-53 Low, Moderate, and High control baselines.
• Monitor Regulatory Updates: Stay current on evolving NIST SP 800-53 revisions, FedRAMP requirements, and federal cybersecurity policies and guidance to ensure client programs remain compliant and ahead of changing requirements.
Who You Are
Required
• Strong organizational skills with the ability to manage multiple NIST SP 800-53 compliance projects concurrently.
• 5+ years of experience in federal compliance, NIST SP 800-53, FedRAMP, or RMF implementation.
• 3+ years of leadership experience managing or guiding a small team.
• Deep understanding of the NIST Risk Management Framework (RMF) and the security and privacy control families within NIST SP 800-53.
• Experience with NIST SP 800-53 control implementation and assessment.
• Familiarity with FedRAMP authorization paths and federal agency workflows.
• Experience working with cloud service providers (CSPs) or organizations pursuing federal authorizations.
• Knowledge of common FedRAMP-authorized cloud environments such as AWS GovCloud, Azure Government, or GCC High.
• Thrives in a fast-paced startup environment.
Nice to Have
• CGRC (Certified in Governance, Risk and Compliance) or CAP (Certified Authorization Professional) certification.
• Security+ or CISSP certification.
• Experience with FedRAMP authorization and continuous monitoring (ConMon) activities.
• Previous experience working directly with 3PAOs or as part of security assessment teams.
What We Offer
• Career Development: Clear growth path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities
• Growth Opportunity: Early-stage company with significant room for career advancement
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team
Work Environment Requirements
• Reliable high-speed internet connection
• Quiet, professional home office setup
• Must be amenable to working US Eastern Time zone hours
• Fluency in written and verbal English communication skills