Note: The job is a remote job and is open to candidates in USA. RED SKY Consulting is an IT and Cybersecurity staffing solutions company seeking a GRC Analyst to ensure compliance with FedRAMP and other security standards. The role involves supporting audits, maintaining authorization status, and collaborating with various teams to enhance the security posture of cloud services.
Responsibilities
- Support authorization, compliance, and continuous monitoring activities
- Interpret and apply security controls and control enhancements
- Keep key documentation up to date, including system security plans, policies, and control descriptions
- Track compliance against established baselines (Low / Moderate / High)
- Coordinate and support third-party audits (including 3PAO assessments)
- Gather and review evidence from engineering, infrastructure, and operations teams
- Respond to auditor questions and information requests
- Help track remediation efforts and support closure of identified gaps
- Contribute to annual assessments, penetration test reviews, and vulnerability reporting
- Supporting monthly FedRAMP continuous monitoring activities
- Reviewing vulnerability scans and tracking remediation progress
- Coordinating incident reporting and change management impacts
- Ensuring changes follow approved compliance processes
- Identifying and escalating potential compliance risks
- Partner with Cloud Engineering, DevOps, Security Operations, Legal, and Product teams
- Translate technical controls into clear, audit-ready documentation
- Support internal reporting and briefings on compliance status and risk
- Maintain organized compliance evidence repositories
- Assist with internal audits and readiness assessments
- Contribute to updates of policies and standards aligned to federal requirements
- Support responses to customer and government security questionnaires
Skills
- FedRAMP Governance Experience: Specific experience and understanding of the ConMon and POA&M processes are critical
- NIST 800-53 Framework Knowledge: Must be familiar with the framework and be able to identify control families (e.g., IA - Identity Access)
- Audit Support Experience: Experience working with third-party auditors (3PAO), understanding a Document Request List (DRL), and collating evidence for controls
- Strong Organizational & Coordination Skills: The role requires managing the vulnerability process across dozens of internal groups, involving heavy spreadsheet work and tracking
- US Citizenship: This is a mandatory, non-negotiable requirement for the position
- Experience in GRC, cybersecurity compliance, or audit support (typically 2+ years)
- Familiarity with frameworks such as FedRAMP, NIST SP 800-53, or similar compliance programs
- Experience with ServiceNow and Power BI are a plus
- Familiarity with cloud environments such as AWS or Microsoft Azure a plus
- Experience working with auditors or assessment organizations (e.g., 3PAOs) is a plus
- Exposure to cloud environments such as AWS or Azure
- The FedRAMP lifecycle and continuous monitoring processes
- NIST 800-53 control families
- POA&M management and risk tracking
- Analyzing technical controls and clearly documenting compliance
- Working with compliance or GRC tools, ticketing systems, or evidence repositories
Benefits
- RED SKY Consulting Candidate and Client Referral Program!
- If you refer to us a Manager of people or skilled professionals, we will link your name to that person for 18 months.
- If we employ or place that individual or place people into that company thru that manager
Company Overview