GRC Analyst – Public Sector
Socure. Day-to-day coordination and execution of external Third Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation.
Posted 5/22/2026 · Full-time · Washington, DC, United States · Mid-Level / Senior · $120,000 - $150,000 per year
Tech Stack
Tools & technologies: AWS, Cyber Security
About the role
Key responsibilities & impact
- Day-to-day coordination and execution of external Third Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation.
- Maintain and update FedRAMP and GovRAMP controls and documentation in alignment with organizational and regulatory requirements, including controls aligned with NIST SP 800-53 rev 5 and other related frameworks.
- Prepare certification and authorization packages and maintain related documentation such as the System Security Plan (SSP) and associated appendices.
- Replace manual evidence collection with system-generated, API-driven, or continuously validated evidence where possible.
- Lead the day-to-day FedRAMP continuous monitoring process, including the vulnerability management lifecycle from identification through remediation and verification; coordinate with Security, Engineering, and DevOps teams to address issues identified by tools such as Wiz, Burp Suite, AWS native services, and other platforms, and resolve them within FedRAMP and GovRAMP timelines.
- Coordinate recurring continuous monitoring compliance activities such as access reviews, incident response exercises, and contingency plan testing.
- Design scalable and automated access validation mechanisms integrated with identity and infrastructure systems.
- Design, implement and deliver FedRAMP training programs to promote compliance awareness.
- Create and manage automated workflows to improve efficiency.
- Transform compliance evidence from static repositories into dynamic, system-driven evidence models supporting real-time audit readiness.
- Conduct internal reviews of logged events and control activities, escalating issues or gaps to the Director of GRC and providing status updates and reports that highlight trends, risks, and remediation progress.
- Collaborate with the Director of GRC to design automation-first and AI-enabled workflows that reduce manual effort and enable scalable compliance operations.
- Support the development, rollout, and maintenance of machine-readable compliance documentation (e.g., OSCAL or comparable structured formats) to facilitate interoperability.
- Partner with automation and engineering teams to integrate structured compliance data into Socure’s broader risk management and monitoring ecosystem including vulnerability remediation, access requests, and compliance reporting.
- Monitor regulatory and industry trends for potential impacts to compliance strategy.
- Serve as a security subject matter expert for public sector sales activities, translating compliance controls and system capabilities into clear, accurate, and compelling customer-facing narratives.
- Support development of external communications such as press releases and customer-facing materials related to security certifications and authorizations.
- Build and maintain scalable response frameworks (e.g., answer libraries, structured content, or AI-assisted tools) to provide consistency, accuracy, and speed across RFP and RFx responses.
Requirements
What you’ll need
- 5+ years of cybersecurity or identity management experience, including 1+ year in the public sector.
- Direct experience with FedRAMP, GovRAMP, and NIST frameworks (800-53, 800-63, 800-171).
- Proven ability to manage continuous monitoring, vulnerability remediation, and compliance reporting.
- Experience using AI tools (e.g., ChatGPT, Glean, Gemini) and machine-readable formats (e.g., OSCAL) to automate and streamline compliance processes.
- Strong communication, organization, and collaboration skills with the ability to manage multiple priorities.
- Ability to adapt to changing requirements.
- Experience supporting or leading responses to security questionnaires, RFPs, or public sector RFx processes.
- Must be a U.S. Person (U.S. Citizens or U.S. Permanent Residents) residing in the United States and be able to obtain a U.S. OPM NACI clearance.
Benefits
Comp & perks
- Offers Equity
- Offers Bonus
ATS Keywords
Hard Skills & Tools: cybersecurity, identity management, continuous monitoring, vulnerability remediation, compliance reporting, FedRAMP, GovRAMP, NIST SP 800-53, machine-readable formats, automated workflows
Soft Skills: communication, organization, collaboration, adaptability, multi-priority management
Certifications: U.S. OPM NACI clearance