Senior GRC Analyst (NIST/GovRAMP/FedRAMP)
Requirements
- Located in the Philippines with night shift work hours (to overlap with U.S. team).
- 7+ years of hands-on GRC experience, with at least 3 years dedicated to FedRAMP, GovRAMP, StateRAMP, TX-RAMP, or CMMC programs at a SaaS company.
- Demonstrated track record authoring SSPs, POA&Ms, and continuous monitoring deliverables for a successful authorization, not just contributing to someone else's work.
- Deep working knowledge of NIST 800-53, NIST 800-171, FIPS 199/200, SOC 2 (Type II), and the practical realities of audit evidence collection.
- Self-starter who can walk into an existing program, identify what needs to mature, and deliver without daily direction. You'll know you're a fit if "figure it out and make it better" sounds like a feature, not a bug.
- Exceptional written English: your documents will be read by state auditors, executives, and 3PAOs.
- Experience running a third-party risk management program and managing vendor security reviews at volume.
- Bachelor's degree in Cybersecurity, Information Systems, or a related field; relevant certifications (CISSP, CISA, CRISC, CGRC/CAP, ISO 27001 Lead Implementer) are a strong plus.
- Bonus: experience with GRC tooling (Drata, Vanta, Hyperproof, ServiceNow GRC) and prior work with U.S. state government customers.
Ready to bring rigor and craft to a compliance program that earns trust at every audit? Apply today and help us prove that doing the right thing, and documenting it well, is what makes lives change at scale.
About Career Team
Founded in 1996, Career Team is a socially conscious organization that seeks to close the nation's opportunity divide through government-funded workforce development programs designed to help individuals get
Additional Information
It's not just about the policies; it's about the mission! At Career TEAM, we work to accelerate the human condition. Our award-winning portal, Career EDGE, transforms lives across the U.S., and behind every secure, compliant experience is a governance expert like you. We are looking for a Senior GRC Analyst with deep experience in GovRAMP, FedRAMP, NIST 800-53, and SOC 2 to join our growing security and compliance team. You'll take ownership of core elements of our GRC program: the documentation, vendor risk, and policy work that keeps Career EDGE audit-ready and trusted by the state agencies we serve. This is a senior, self-directed role for someone who knows what good looks like, raises the bar on what's already in place, and treats compliance documentation as a craft rather than a checkbox.
Why Join Us?
By joining this incredible company, you will be:
- A senior individual contributor with real ownership over a defined portion of our GRC program.
- Maturing the documentation backbone (SSPs, policies, POA&Ms, risk register, vendor program) that powers our GovRAMP, FedRAMP, and state authorization efforts.
- Working on a product that directly helps thousands of individuals access workforce and educational services.
- Partnering directly with security leadership, engineering, and executive stakeholders: no layers, no hand-holding.
- Driving continuous improvement of policies, controls, and evidence collection across the organization.
- Enjoying a fully remote work environment.
Your Impact on Career TEAM's Success
As a Senior GRC Analyst, your focus will be deeply hands-on and ownership-oriented:
Compliance Program Ownership
- Maintain and continuously improve the System Security Plan (SSP), policies, procedures, and standards aligned to NIST 800-53 and SOC 2.
- Own the Plan of Action and Milestones (POA&M) lifecycle: tracking, aging, remediation evidence, and monthly continuous monitoring deliverables.
- Manage the control evidence catalog: what evidence exists, where it lives, when it was last refreshed, and what's coming up for renewal.
- Coordinate with the U.S. security team and 3PAOs to support GovRAMP, FedRAMP, and state-level (TX-RAMP) authorization and continuous monitoring activities.
Risk, Vendor & Subcontractor Management
- Run our third-party risk management program end-to-end: security questionnaires, due diligence, contract review, and recurring reassessments.
- Maintain the enterprise risk register, facilitate risk acceptance decisions, and translate technical risk into business language for executives.
- Administer subcontractor flow-down obligations and PII safeguarding certifications across all relevant agreements.
- Track contractual security obligations across state customer contracts and ensure we meet every commitment on schedule.
Policy, Training & Awareness
- Maintain and version-control our policy library, written in plain English, not boilerplate.
- Run our security awareness training program, phishing simulations, and Rules of Behavior administration.
- Author tabletop exercise scenarios, facilitate exercises, and produce after-action reports with concrete remediation owners.
- Partner with HR and IT on onboarding and offboarding security checklists, access reviews, and acceptable use enforcement.