
Senior GRC Analyst (NIST/GovRAMP/FedRAMP)
It's not just about the policies; it's about the mission!
At Career TEAM, we work to accelerate the human condition. Our award-winning portal, Career EDGE, transforms lives across the U.S.—and behind every secure, compliant experience is a governance expert like you.
We are looking for a Senior GRC Analyst with deep experience in GovRAMP, FedRAMP, NIST 800-53, and SOC 2 to join our growing security and compliance team. You'll take ownership of core elements of our GRC program—the documentation, vendor risk, and policy work that keeps Career EDGE audit-ready and trusted by the state agencies we serve. This is a senior, self-directed role for someone who knows what good looks like, raises the bar on what's already in place, and treats compliance documentation as a craft rather than a checkbox.
Why Join Us?
By joining this incredible company, you will be:
- A senior individual contributor with real ownership over a defined portion of our GRC program.
- Maturing the documentation backbone (SSPs, policies, POA&Ms, risk register, vendor program) that powers our GovRAMP, FedRAMP, and state authorization efforts.
- Working on a product that directly helps thousands of individuals access workforce and educational services.
- Partnering directly with security leadership, engineering, and executive stakeholders—no layers, no hand-holding.
- Driving continuous improvement of policies, controls, and evidence collection across the organization.
- Enjoying a fully remote work environment.
Your Impact on Career TEAM's Success:
As a Senior GRC Analyst, your focus will be deeply hands-on and ownership-oriented:
Compliance Program Ownership
- Maintain and continuously improve the System Security Plan (SSP), policies, procedures, and standards aligned to NIST 800-53 and SOC 2.
- Own the Plan of Action and Milestones (POA&M) lifecycle: tracking, aging, remediation evidence, and monthly continuous monitoring deliverables.
- Manage the control evidence catalog—what evidence exists, where it lives, when it was last refreshed, and what's coming up for renewal.
- Coordinate with the U.S. security team and 3PAOs to support GovRAMP, FedRAMP, and state-level (TX-RAMP, ) authorization and continuous monitoring activities.
Risk, Vendor & Subcontractor Management
- Run our third-party risk management program end-to-end: security questionnaires, due diligence, contract review, recurring reassessments.
- Maintain the enterprise risk register, facilitate risk acceptance decisions, and translate technical risk into business language for executives.
- Administer subcontractor flow-down obligations and PII safeguarding certifications across all relevant agreements.
- Track contractual security obligations across state customer contracts and ensure we meet every commitment on schedule.
Policy, Training & Awareness
- Maintain and version-control our policy library—written in plain English, not boilerplate.
- Run our security awareness training program, phishing simulations, and Rules of Behavior administration.
- Author tabletop exercise scenarios, facilitate exercises, and produce after-action reports with concrete remediation owners.
- Partner with HR and IT on onboarding and offboarding security checklists, access reviews, and acceptable use enforcement.
What We're Looking For:
- Located in the Philippines with night shift work hours (to overlap with U.S. team).
- 7+ years of hands-on GRC experience, with at least 3 years dedicated to FedRAMP, GovRAMP, StateRAMP, TX-RAMP, or CMMC programs at a SaaS company.
- Demonstrated track record authoring SSPs, POA&Ms, and continuous monitoring deliverables for a successful authorization—not just contributing to someone else's work.
- Deep working knowledge of NIST 800-53, NIST 800-171, FIPS 199/200, SOC 2 (Type II), and the practical realities of audit evidence collection.
- Self-starter who can walk into an existing program, identify what needs to mature, and deliver without daily direction. You'll know you're a fit if "figure it out and make it better" sounds like a feature, not a bug.
- Exceptional written English—your documents will be read by state auditors, executives, and 3PAOs.
- Experience running a third-party risk management program and managing vendor security reviews at volume.
- Bachelor's degree in Cybersecurity, Information Systems, or a related field; relevant certifications (CISSP, CISA, CRISC, CGRC/CAP, ISO 27001 Lead Implementer) are a strong plus.
- Bonus: experience with GRC tooling (Drata, Vanta, Hyperproof, ServiceNow GRC) and prior work with U.S. state government customers.
Ready to bring rigor and craft to a compliance program that earns trust at every audit? Apply today and help us prove that doing the right thing—and documenting it well—is what makes lives change at scale.
About Career TEAM:
Founded in 1996, Career TEAM is a socially conscious organization that seeks to close the nation's opportunity divide through government-funded workforce development programs designed to help individuals get the skills, knowledge, and resources needed to obtain quality employment. In addition to administering these programs, Career TEAM develops and leverages cutting-edge software tools to ignite transformative change within the workforce development industry. Career TEAM is revolutionizing the operational landscape for workforce development professionals through its Career Edge platform, which includes state-of-the-art job training tools and advanced case management systems. For more information see www.careeredge.com and www.careerteam.com.
Career TEAM’s outstanding record has resulted in numerous honors, including:
- Named by Inc. Magazine as one of America's 500 fastest growing privately held companies
- Recipient of the US Chamber of Commerce Blue Chip Enterprise Award for innovation
- Featured by 60 Minutes, CNN, Money Magazine, Inc. Magazine and the British Broadcasting Network as an innovative, government-funded solutions program
- Invited to the White House after being cited by the National Welfare-to-Work Partnership and National Alliance of Business as a top 10 US training provider
Career Team is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.
Background Check Requirements. Employment is contingent upon successful completion of a background check (including criminal, prior employment and education verification). Failure to satisfactorily complete the background check may affect the application status of applicants or continued employment of current employees who apply for the position.
