← all jobs

GRC Analyst, Federal Programs

Work from home Full-time role Hiring

Job Description:

  • Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs;
  • Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible;
  • Map NIST SP 800-171 practices to Sword's current environment and produce a clear, evidence-based gap analysis;
  • Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers;
  • Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment;
  • Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments;
  • Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring;
  • Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of Sword's broader GRC program.

Requirements:

  • 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP;
  • Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort;
  • Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements;
  • Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision;
  • Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams;
  • Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments;
  • US citizenship required;
  • Ability to obtain a federal Public Trust designation if required by a sponsoring agency.

What we would love to see

• CMMC Certified Professional (CCP) credential, or active pursuit of it;

  • CMMC Certified Assessor (CCA) credential;
  • Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO processes;
  • Background in defense contracting or regulated health tech environments;
  • Experience working across multiple compliance frameworks simultaneously (HITRUST, SOC 2, ISO 27001);
  • Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta.

Benefits:

  • Comprehensive health, dental and vision insurance*

• Life and AD&D Insurance* • Financial advisory services* • Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)* • Health Savings Account* • Equity shares* • Discretionary PTO plan* • Parental leave* • 401(k)

  • Flexible working hours
  • Remote-first company
  • Paid company holidays
  • Free digital therapist for you and your family

More open positions

Director, Governance, Risk, and Compliance – GRC

Work from home Full-time role

Director, Governance, Risk, and Compliance (GRC)

Work from home Full-time role

GRC Analyst, Federal Programs

Work from home Full-time role

GRC Analyst

Work from home Full-time role

Global intelligence analyst (days/hours tbd)

Work from home Full-time role

Supervisor, Internet Sales - Buffalo, NY

Work from home Full-time role

[Remote] Senior Account Executive, Sales (GovTech)

Work from home Full-time role

Junior Analytics Specialist

Work from home Full-time role

Insurance Producer - Fort Worth, TX

Work from home Full-time role

Remote Data Entry Clerk Part Time Typing Opportunity at careerzynith

Work from home Full-time role

AI Engineer – FDE (Forward Deployed Engineer)

Work from home Full-time role

Lead Underwriter - Environmental Casualty, Products Liability and Pollution, Manufacturing job at AXIS Capital in New York, NY, Chicago, IL, Alpharetta, GA, Kansas City, MO, Short Hills, NJ, Princeton, NJ, Red Bank, NJ

Work from home Full-time role

AVP Tech, Software Development

Work from home Full-time role

AI Writing Evaluator (Remote | Flexible Hours | Freelance)

Work from home Full-time role

Senior PM – Consumer App

Work from home Full-time role

Data Scientist

Work from home Full-time role

CUSTOMER SERVICE REPRESENTATIVE 4

Work from home Full-time role

Join Today: Remote Chat Agent (Entry-Level) at KeyGlee

Work from home Full-time role

[Remote] Senior Software Engineer

Work from home Full-time role

Air Customer Service Agent – Remote (U.S.) – Guest Travel Support & Ticketing Specialist at careerzynith

Work from home Full-time role

Chamorro Medical Over-the-Phone Interpreter

Work from home Full-time role