Product GRC SME, Vanta for Government
At Vanta, our mission is to secure the internet and protect consumer data. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it. As Vanta rapidly grows and moves upmarket, we’re working with increasingly sophisticated customers who have complex security and compliance needs, especially within the federal government sector. The GRC Subject Matter Experts play a critical role in delivering high-quality, scalable content to help these companies effectively manage their GRC programs. As Vanta’s newest GRC Subject Matter Expert, you’ll be responsible for developing GRC solutions that support our growing list of global federal and public sector customers, with a critical focus on FedRAMP authorization and continuous monitoring. Acting as a bridge between Product Management, customers, and compliance stakeholders, you’ll ensure that our solutions align with key federal security and privacy frameworks. You’ll play a pivotal role in designing, maintaining, and improving compliance-related content while providing strategic input to shape Vanta’s overall GRC product roadmap, with a particular emphasis on our Vanta for Government (V4G) offering. You’ll join Vanta’s Security organization, which provides essential security operational services, is directly involved in the software development process, sets policies and standards regarding enterprise-wide security requirements, and offers advisory services to enable our business to thrive while effectively managing risk. If you’re someone who has high initiative and enjoys problem solving while having impact at a high-growth company, we would love to hear from you! You’ll be part of Vanta’s Security organization that directly influences product development, facilitates the creation of automated GRC solutions for customers, and provides expert advisory services to Vantans at large. If you love solving complex problems, thrive in a fast-paced environment, and want to make a real impact at a high-growth company, we’d love to hear from you! What you’ll do as a GRC SME at Vanta
- Develop New Federal Compliance Frameworks, with a FedRAMP Focus – Lead building new security, privacy, and risk management frameworks for end-users, , with a strong focus on FedRAMP (all baselines - Low, Moderate, High), CMMC, and NIST 800-53. This includes developing content to support the creation and maintenance of FedRAMP Authorization Packages (e.g., System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms), Security Assessment Reports (SARs)).
- Optimize GRC Content for V4G – Map evidence requirements, improve control descriptions, write policies, risk scenarios, implementation guidance to enhance clarity and usability for federal compliance, with a particular emphasis on streamlining processes for FedRAMP authorization and continuous monitoring within the V4G platform. Help to develop AI features to support these efforts.
- Analyze Feedback – Identify and resolve issues with control mappings, evidence requirements, and framework content based on input from federal agencies, authorized third-party assessment organizations (3PAOs), and government auditors. Act as a subject matter expert during engagements related to FedRAMP assessments and audits.
- Collaborate Across Teams for Federal Solutions – Work with software engineers, product designers, and customer-facing teams to ensure that GRC content is appropriately integrated into Vanta’s platform and meets end-user needs and V4G requirements, especially those pertaining to FedRAMP.
- Partner with Product for Federal Innovation – Work closely with our Product team to advise on the development of new GRC features in the platform, driving innovation for Vanta for Government (V4G) and enhancing our capabilities for FedRAMP readiness and ongoing compliance.
How to be successful in this role:
- 5-7+ years of experience in GRC and/or Information Security with significan