6 days ago

Compliance Analyst

Onebrief

Hybrid
Full Time
$170,000
Hybrid

Job Overview

Job TitleCompliance Analyst
Job TypeFull Time
CategoryCommerce
Experience5 Years
DegreeMaster
Offered Salary$170,000
LocationHybrid

Who's the hiring manager?

Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.

Uncover Hiring Manager

Job Description

About Onebrief

Onebrief is collaboration and AI-powered workflow software designed specifically for military staffs. By transforming this work, Onebrief makes the staff as a whole superhuman - meaning faster, smarter, and more efficient.

We take ownership, seek excellence, and play to win with the seriousness and camaraderie of an Olympic team. Onebrief operates as an all-remote company, though many of our employees work alongside our customers at military commands around the world.

Founded in 2019 by a group of experienced planners, today, Onebrief’s team spans veterans from all forces and global organizations, and technologists from leading-edge software companies. We’ve raised $320m+ from top-tier investors, including Battery Ventures, General Catalyst, Sapphire Ventures, Insight Partners, and Human Capital, and today, Onebrief is valued at $2.15B. With this continued growth, Onebrief is able to make an impact where it matters most.

About The Role

You will play a critical role in building and sustaining Onebrief’s governance, risk and compliance program. Leveraging your expertise with NIST RMF and FedRAMP High, you will ensure compliance evidence is created, validated, and continuously organized in various GRC platforms. You will lead efforts to automate control testing, close gaps, and prepare for audits, directly contributing to Onebrief’s ability to obtain and maintain authorizations.

About You

You are a seasoned cybersecurity compliance professional with hands-on experience in federal frameworks and regulatory standards. You excel at translating complex compliance obligations into practical, cloud-native solutions. You thrive in remote, collaborative environments, enjoy solving compliance challenges with both precision and creativity, and are driven by continuous learning and professional growth. Most importantly, you are motivated by building secure, compliant IT ecosystems that enable organizations to scale with confidence.

What You’ll Do

  • Lead and support the full NIST RMF lifecycle for Onebrief deployments, on-prem or cloud-native, across multiple security boundaries
  • Maintain, and review authorization packages, including SSPs, SAPs, SARs, POA&Ms, STIGs, and supporting artifacts
  • Coordinate internal assessments and readiness checks ahead of external audits
  • Partner with Engineers, Product teams, and Security leadership to integrate compliance requirements into system design and operations
  • Provide guidance on secure architecture and control implementation
  • Track regulatory changes and advise leadership on compliance implications
  • Conduct periodic risk assessments and suggest appropriate risk treatment actions
  • Develop internal cybersecurity awareness and training presentations for employees
  • Conduct supply chain risk management assessments for current and future vendors

Basic Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field
  • Hands-on expertise with Risk Management Framework across multiple security domains
  • U.S. Citizen
  • 8+ years in Cybersecurity Compliance and related roles
  • Experience with Enterprise Mission Assurance Support Service (eMASS) and leveraging automated evidence collection and testing capabilities
  • Familiarity with cloud security standards (e.g., FedRAMP, ISO 27001, NIST 800-171, DoD Cloud Computing Security Requirements Guide)
  • Strong background in policy development, control testing, and evidence gathering
  • Excellent communication skills for working with both technical and non-technical stakeholders

Certifications (one or more required)

  • CISSP, CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA, CISA, ISSEP, GSLC, or GSNA

Preferred Qualifications

  • Proven ability to prioritize, adapt, and deliver under tight timelines in dynamic, compliance-driven environments
  • Experience in DoD environments and compliance frameworks (RMF and ICD 503)
  • Familiarity with agency-specific overlays (DoD, DHS, or civilian agencies)
  • Experience working with 3PAOs, Security Control Assessors, and Federal Customers

Key skills/competency

  • NIST RMF
  • FedRAMP High
  • GRC Platforms
  • Cybersecurity Compliance
  • Cloud Security Standards
  • Policy Development
  • Risk Assessment
  • DoD Environments
  • eMASS
  • Audit Preparation

Tags:

Compliance Analyst
GRC
NIST RMF
FedRAMP
Risk Management
Cybersecurity
Audit
Policy Development
Control Testing
Supply Chain Risk
Stakeholder Management
GRC Platforms
eMASS
Cloud Security
ISO 27001
NIST 800-171
DoD SRG
STIGs
POA&Ms
SSPs

Share Job:

How to Get Hired at Onebrief

  • Research Onebrief's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Highlight federal compliance expertise: Emphasize hands-on experience with NIST RMF and FedRAMP High on your resume.
  • Showcase cloud-native security solutions: Demonstrate your ability to translate complex compliance into practical cloud solutions.
  • Emphasize remote collaboration skills: Illustrate experience thriving in dynamic, remote, and collaborative environments.
  • Tailor resume for certifications: Ensure your application clearly lists required certifications like CISSP, CISM, or CISA.

Frequently Asked Questions

Find answers to common questions about this job opportunity

Explore similar opportunities that match your background