
Compliance Analyst (GRC/RMF Focused)

Full-time
Hybrid
USA - Must Work EST (8:30AM - 5:30PM)
U.S. Citizen

Primary Purpose and Goal of Role  

The Compliance Analyst (GRC/RMF Focused) supports governance, risk, and compliance (GRC) initiatives by developing, maintaining, and managing security documentation and compliance artifacts aligned with federal standards. This role plays a key part in supporting Risk Management Framework (RMF) activities, continuous monitoring, and authorization efforts across federal and regulated environments. This role requires strong expertise in NIST SP 800-53, FISMA, and related guidance, with the ability to translate technical system configurations into clear, audit-ready documentation. The ideal candidate is detail-oriented, organized, and capable of managing multiple compliance workstreams while engaging effectively with both technical and non-technical stakeholders.   

Responsibilities

  • Experience authoring and maintaining security documentation, including System Security Plans (SSPs), control implementation statements, policies, and procedures
  • Strong knowledge of NIST SP 800-53 Moderate and High baselines and FISMA requirements 
  • Ability to develop documentation in accordance with Agency-specific security and compliance requirements   
  • Experience supporting FedRAMP and/or CMMC compliance efforts   
  • Working understanding of SOC 2 principles and control structures  
  • Hands-on experience with GRC tools 
  • Ability to translate technical system configurations into clear, audit-ready documentation 
  • Experience developing and managing POA&Ms and supporting continuous monitoring activities
  • Strong understanding of NIST standards and supporting guidance (e.g., 800-60, 800-37, 800-171, 800-137)  
  • Ability to engage directly with customers, lead discussions, and clearly communicate requirements to both technical and non-technical stakeholders  
  • Strong written and verbal communication skills with a focus on clarity and professionalism   
  • Proven ability to manage multiple priorities and meet strict deadlines in a fast-paced environment    
  • High attention to detail with strong organizational and documentation management skills 
  • Proficiency with standard business tools (e.g., Microsoft Word, Excel, SharePoint, Teams) 
  • Technical proficiency with on-premises environments, cloud environments, and associated security concepts
  • Basic understanding of AI tools and ability to leverage them for documentation development (including effective prompting techniques) 
  • Ability to work independently while coordinating effectively across internal teams and stakeholders 

REQUIREMENTS

  • Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, or a related field  
  • Minimum 3–6+ years of experience in GRC, RMF, or cybersecurity compliance roles within federal or regulated environments 
  • Strong knowledge of NIST SP 800-53, FISMA, and supporting NIST guidance (e.g., 800-37, 800-60, 800-171, 800-137)   
  • Experience supporting FedRAMP, CMMC, and/or SOC 2 compliance efforts   
  • Hands-on experience with GRC platforms and compliance tracking tools
  • Technical understanding of on-premises and cloud environments and associated security concepts  
  • Proven ability to produce audit-ready documentation and manage compliance artifacts   
  • Strong written and verbal communication skills with the ability to clearly convey complex information   
  • Demonstrated ability to manage multiple projects and deadlines with strong organizational skills   
  • Experience working independently while coordinating across cross-functional teams 
  • Must be a U.S. Citizen and eligible to support federal contracting environments 

Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.

Join Our Cyber Team!

Working for Quzara means being part of a team driven by innovation and dedication where we rise together.