
Governance Risk and Compliance (GRC) Analyst 3

Work from home Full-time role Hiring

C2 Labs partners with clients on their IT transformation journey via data-driven IT strategic planning, application rationalization and redevelopment, and innovative research and development of new industry standards and technologies. C2 Labs provides specialized products and services that allow our clients to innovate with speed and scale seamlessly while maintaining a robust and effective security posture. C2 has a unique approach to client success enablement that is empowered by ART (Application Rationalization and Transformation) and SCIENCE (Strategic Client Interview and Engineering to assess, design, and implement Cloud Ecosystems) to couple creative new approaches/technologies with proven methodologies that deliver rapid results.

Must be a US Citizen and capable of passing a Public Trust background investigation.

Job Summary:

As a Governance Risk and Compliance (GRC) Analyst 3 at C2 Labs you will work with a team of security analysts and engineers to implement regulatory frameworks such as the Federal Information Security Modernization Act (FISMA), the Federal Risk Authorization Management Program (FedRAMP) and the State Risk Authorization Management Program (StateRAMP). You will leverage GRC tools to develop security authorization package documentation such as the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and the Plan of Actions & Milestones (POA&M) in human-readable and machine-readable formats. You will draft security control implementation statements with enough detail to facilitate the testing of the controls and will develop supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP). As a GRC Analyst 3 your primary responsibility will be to ensure the timely development of the security authorization package in accordance with C2 Labs quality standards.
Job Responsibilities:

  • Categorize systems in accordance with Federal Information Processing Standards (FIPS) 199 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60.
  • Select and tailor security controls by applying scoping guidance in accordance with NIST SP 800-53 and FedRAMP specific guidance.
  • Document the implementation characteristics for security controls with enough detail to permit the testing of the security control by an independent assessor/Third Party Assessment Organization (3PAO).
  • Develop, review, and update security authorization package documentation to include the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M).
  • Develop, review, and update supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP).
  • Conduct Security Impact Assessments (SIAs) on changes to information systems.
  • Create the Control Implementation Summary (CIS)/Customer Responsibility Matrix (CRM) workbook outlining Cloud Service Provider (CSP) and customer responsibilities.
  • Develop, review, and update policies and procedures to support the implementation of the NIST 800-53 control families.
  • Leverage the next generation of Governance Risk and Compliance (GRC) tools to automate the creation of the SSP.
  • Review current security assessment and authorization processes and provide recommendations for improvement.
  • Develop Risk Assessment Reports (RAR).
  • Provide guidance on NIST 800-53, FedRAMP, and StateRAMP control requirements.
  • Develop and deliver training to educate stakeholders on the various tasks and activities associated with the RMF.

Qualifications:

  • Minimum 3-5 years' experience in IT consulting specializing in Governance, Risk, and Compliance using the RMF.
  • CISSP, CISM, or CAP certification is preferred.
  • Excellent communication and interpersonal skills, with the ability to build a rapport and trust with clients.
  • Knowledge of the cybersecurity industry to include regulatory frameworks such as the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), Federal Risk Authorization Management Program (FedRAMP), Department of Defense (DoD) Impact Levels (2-6), and the State Risk Authorization Management Program (StateRAMP).
  • Possesses an in-depth understanding of the FedRAMP authorization process and associated templates and deliverables.
  • Must have experience creating security authorization package documentation (i.e., SSP, SAP, SAR, & POA&M) and managing system authorization artifacts for a FedRAMP authorized cloud environment.

Working knowledge of:

  • NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
  • FedRAMP Security Controls Baselines (i.e., Low, Moderate, High, and Li-
