GRC Analyst – Public Sector

SocureCarson City, nevada, United States$95k – $115k+ Equity1mo ago

In Office Junior NA Public Sector Fintech Cybersecurity Legal KYC Analyst Junior Analyst Financial Quantitative Analyst Auditor Reporting Team Management Prospecting Customer Relations Gemini

Upload My Resume

Drop here or click to browse · PDF, DOCX, TXT

Apply in One Click

Requirements

Monitor new and evolving requirements and perform gap analyses including
Updates to applicable NIST Special Publications and other government standards
Contract security requirements from new customers
Updates to the FedRAMP Program requirements and processes as the program evolves
Provide input to standards bodies on evolving standards when applicable
5+ years of cybersecurity or identity management experience, including 1+ year in the public sector.
Direct experience with FedRAMP, GovRAMP, and NIST frameworks (800-53, 800-63, 800-171).
Proven ability to manage continuous monitoring, vulnerability remediation, and compliance reporting.
Experience using AI tools (e.g., ChatGPT, Glean, Gemini) and machine-readable formats (e.g., OSCAL) to automate and streamline compliance processes.
Strong communication, organization, and collaboration skills with the ability to manage multiple priorities.
Ability to adapt to changing requirements
Must be a U.S. Person (U.S. Citizens or U.S. Permanent Residents) residing in the United States and be able to obtain a U.S. OPM NACI clearance.
Experience in regulated industries (e.g., financial services, healthcare) and knowledge of privacy and compliance frameworks such as GDPR, CCPA, and key NIST standards.
Professional certifications preferred (CISSP, CISM, CISA, IAPP).
Proven success leading certification and compliance initiatives (FedRAMP, GovRAMP, NIST 800-63/171)
Skilled in continuous monitoring, vulnerability management, policy updates, and audit coordination across cross-functional teams.
Strong understanding of evolving cybersecurity standards and digital identity regulations, with the ability to translate them into practical risk and compliance improvements.

Responsibilities

Compliance & Certification Management
Day-to-day coordination and execution of external Third Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation.
Maintain and update FedRAMP and GovRAMP controls and documentation in alignment with organizational and regulatory requirements, including controls aligned with NIST SP 800-53 rev 5 and other related frameworks.
Prepare certification and authorization packages and maintain related documentation such as the System Security Plan (SSP) and associated appendices.
Continuous Monitoring & Vulnerability Management
Lead the day-to-day FedRAMP continuous monitoring process including vulnerability management lifecycle, from identification through remediation and verification, coordinating with Security, Engineering, and DevOps teams to address issues identified with tools such as Wiz, Burp Suite, AWS native services, and other platforms and resolve issues within FedRAMP and GovRAMP timelines.
Coordinate recurring continuous monitoring compliance activities such as access reviews, incident response exercises, and contingency plan testing.
Access Management & Training
Oversee access controls for FedRAMP environments, including access requests, least privilege reviews and role-based access control validation and quarterly access certifications.
Design, implement and deliver FedRAMP training programs to promote compliance awareness
Create and manage automated workflows to improve efficiency.
Audit & Assessment Readiness
Maintain compliance evidence repositories. audit preparation materials, and reporting artifacts.
Conduct internal reviews of logged events and control activities, escalating issues or gaps to the Director of GRC and provide status updates and reports highlighting trends, risks, and remediation progress.
Process Improvement & Collaboration
Collaborate with the Director of GRC to design and implement AI-enabled compliance workflows, leveraging automation tools to streamline evidence generation, reporting, and audit readiness
Support the development, rollout, and maintenance of machine-readable compliance documentation (e.g., OSCAL or comparable structured formats) to facilitate interoperability
Partner with automation and engineering teams to integrate structured compliance data into Socure’s broader risk management and monitoring ecosystem including vulnerability remediation, access requests, and compliance reporting.
Monitor regulatory and industry trends for potential impacts to compliance strategy.
Public Sector Sales & Customer Engagement
Serve as a security subject matter expert for public sector sales activities, including prospect briefings, RFP/RFQ responses, contract negotiations, and integration discussions.
Support development of external communications such as press releases and customer-facing materials related to security certifications and authorizations.

Benefits

This represents the expected salary range for this job. Final offers may vary from the amount listed based on factors including geography, candidate experience and expertise, and other job related factors. Socure's compensation and rewards package for full-time roles includes a market competitive salary, equity, comprehensive benefits, and, for applicable roles, commissions plans or an annual discretionary performance bonus. $95K – $115K • Offers Equity • Offers Bonus
This is a base salary range for this job based on the job requirements.
Base pay is only one component of Socure's compensation and our total rewards package includes equity, benefits, and an annual bonus or a commission plan.
annual bonus
commission plan.
Upload your resume here to autofill key application fields.
Drop your resume here!
Parsing your resume. Autofilling key fields...
Please note: We have set up limits for applications for this role:
Candidates may not apply more than 2 times in any 60 day span for any job at Socure.
Candidates may not re-apply to the same role within 365 days.
or drag and drop here
Unfortunately we are unable to hire employees living in these states.
Socure's Recruiting Privacy Policy
Decline to self-identify
Hispanic or Latino - A person of Cuban, Mexican, Puerto Rican, South or Central American, or other Spanish culture or origin regardless of race.
Hispanic or Latino
White (Not Hispanic or Latino) - A person having origins in any of the original peoples of Europe, the Middle East, or North Africa.
White
Black or African American (Not Hispanic or Latino) - A person having origins in any of the black racial groups of Africa.
Black or African American
Native Hawaiian or Other Pacific Islander (Not Hispanic or Latino) - A person having origins in any of the peoples of Hawaii, Guam, Samoa, or other Pacific Islands.
Native Hawaiian or Other Pacific Islander
Asian (Not Hispanic or Latino) - A person having origins in any of the original peoples of the Far East, Southeast Asia, or the Indian Subcontinent, including, for example, Cambodia, China, India, Japan, Korea, Malaysia, Pakistan, the Philippine Islands, Thailand, and Vietnam.
Asian
American Indian or Alaska Native (Not Hispanic or Latino) - A person having origins in any of the original peoples of North and South America (including Central America), and who maintain tribal affiliation or community attachment.
American Indian or Alaska Native
Two or More Races (Not Hispanic or Latino) - All persons who identify with more than one of the above five races.
Two or More Races
Hispanic or Latino
White (Not Hispanic or Latino)
Black or African American (Not Hispanic or Latino)
Native Hawaiian or Other Pacific Islander (Not Hispanic or Latino)
Asian (Not Hispanic or Latino)
American Indian or Alaska Native (Not Hispanic or Latino)
Two or More Races (Not Hispanic or Latino)
I identify as one or more of the classifications of protected veteran listed above
I am not a protected veteran