Compliance Analyst
RemoteHunter
Job Overview

Job Description
About Our Client
The organization develops collaboration and AI-powered workflow software tailored for military staffs. Its technology enhances military staff efficiency by enabling faster, smarter decision-making and operations. Established in 2019 by experienced planners, the team includes veterans from various military branches and technologists from advanced software companies. The organization operates fully remotely, with many employees working alongside military customers worldwide. Backed by over $320 million from leading investors, the company has grown to a valuation of $2.15 billion, allowing it to impact critical defense operations.
About the Opportunity
The Compliance Analyst will play a key role in building and maintaining the governance, risk, and compliance program. The position ensures compliance evidence is created, validated, and managed across governance, risk, and compliance platforms. This role leads automation of control testing, addresses compliance gaps, and prepares for audits, directly supporting the organization’s ability to secure and maintain necessary authorizations.
Responsibilities
- Lead and support the full NIST RMF lifecycle for deployments across on-prem and cloud environments
- Maintain and review authorization packages, including SSPs, SAPs, SARs, POA&Ms, STIGs, and related documents
- Coordinate internal assessments and readiness checks before external audits
- Collaborate with engineering, product, and security teams to integrate compliance into system design and operations
- Provide guidance on secure architecture and control implementation
- Monitor regulatory changes and advise leadership on compliance impacts
- Conduct periodic risk assessments and recommend risk treatment actions
- Develop cybersecurity awareness and training materials for employees
- Perform supply chain risk assessments for current and prospective vendors
Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field
- Hands-on experience with Risk Management Framework across multiple security domains
- U.S. Citizen
- Minimum 8 years of experience in cybersecurity compliance or related roles
- Experience with Enterprise Mission Assurance Support Service (eMASS) and automated evidence collection/testing
- Familiarity with cloud security standards such as FedRAMP, ISO 27001, NIST 800-171, and DoD Cloud Computing Security Requirements Guide
- Strong skills in policy development, control testing, and evidence gathering
- Excellent communication abilities for technical and non-technical audiences
Certifications (one or more required)
- CISSP, CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA, CISA, ISSEP, GSLC, or GSNA
Preferred qualifications
- Ability to prioritize and deliver under tight deadlines in compliance-driven environments
- Experience with DoD environments and compliance frameworks (RMF and ICD 503)
- Knowledge of agency-specific overlays (DoD, DHS, or civilian agencies)
- Experience collaborating with 3PAOs, Security Control Assessors, and Federal Customers
Pay Range and Compensation Package
The pay range and compensation package for this role will be determined based on the candidate’s experience, skills, and other relevant factors.
Equal Opportunity Statement
Our client is an equal opportunity employer. They celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, or national origin.
Key skills/competency
- NIST RMF
- Compliance Management
- Cloud Security
- FedRAMP
- ISO 27001
- DoD Compliance
- Risk Assessment
- Security Audits
- Policy Development
- eMASS
How to Get Hired at RemoteHunter
- Research RemoteHunter's client's mission: Study their defense technology impact and veteran-inclusive culture.
- Tailor your resume for compliance: Highlight NIST RMF, FedRAMP, and DoD experience prominently.
- Showcase relevant certifications: Emphasize CISSP, CISM, or CISA to demonstrate expertise.
- Prepare for technical framework discussions: Focus on eMASS, control testing, and secure architecture.
- Demonstrate strong communication: Practice explaining complex compliance topics to diverse audiences.