Grc Analyst – Public Sector

Socure Socure · Vertical AI · Washington, DC · Commercial

GRC Analyst for Public Sector business, focusing on FedRAMP and GovRAMP compliance. The role involves managing vulnerability remediation, continuous monitoring, access oversight, and evidence preparation. It emphasizes automation-first, system-driven solutions, and AI-enabled workflows to reduce manual effort and enable continuous compliance. The analyst will also translate internal compliance systems into customer-facing outputs like RFP responses and audit artifacts, acting as a security subject matter expert for public sector sales.

What you'd actually do

  1. Day-to-day coordination and execution of externalThird Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation.
  2. Design and evolve an automation-first continuous monitoring program leveraging system integrations, telemetry, and real-time data pipelines
  3. Design scalable and automated access validation mechanisms integrated with identity and infrastructure systems
  4. Collaborate with the Director of GRC to design automation-first and AI-enabled workflows that reduce manual effort and enable scalable compliance operations
  5. Serve as a security subject matter expert for public sector sales activities, translating compliance controls and system capabilities into clear, accurate, and compelling customer-facing narratives.

Skills

Required

  • 5+ years of cybersecurity or identity management experience
  • 1+ year in the public sector
  • Direct experience with FedRAMP, GovRAMP, and NIST frameworks (800-53, 800-63, 800-171)
  • Proven ability to manage continuous monitoring, vulnerability remediation, and compliance reporting
  • Experience with system integrations, telemetry, and real-time data pipelines
  • Experience with access management and identity systems
  • Experience with security subject matter expertise for sales

Nice to have

  • Experience with Wiz, Burp Suite, AWS native services
  • Experience with machine-readable compliance documentation (e.g., OSCAL)
  • Experience with AI-assisted tools for RFP responses

What the JD emphasized

  • FedRAMP
  • GovRAMP
  • NIST SP 800-53
  • automation-first
  • AI-enabled workflows
  • continuous monitoring
  • vulnerability remediation