Jobs · Legal

Corporate Governance, Risk, and Compliance Analyst

Onebrief · NAMER · 1 wk ago
RemoteRemoteLegalFull-time

Core responsibilities

  • Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems
  • Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings
  • Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows, not bolt them on afterward
  • Coverage internal assessments and external audit readiness across all applicable frameworks
  • Track regulatory and contractual changes and advise leadership on what they mean for Onebrief
  • Run risk assessments and vendor/supply chain risk reviews across both federal and corporate environments

Minimum Qualifications

  • U.S. Citizen
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
  • 8+ years in cybersecurity compliance
  • Hands-on expertise with RMF and at least one of CMMC 2.0 or SOC 2
  • One or more of the following certifications: CISSP, CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA, CISA, ISSEP, GSLC, or GSNA
  • Experience with GRC platforms, including automated evidence collection and testing (eMASS experience a plus)

Preferred Qualifications

  • Experience in DoD environments and compliance frameworks (RMF, ICD 503)
  • Familiarity with agency-specific overlays (DoD, DHS, or civilian agencies)
  • Experience working with 3PAOs, Security Control Assessors, federal customers, or SOC 2 auditors
  • Familiarity with cloud security standards (FedRAMP, ISO 27001, NIST 800-171, DoD Cloud Computing SRG)

Indicators of Success

  • Keep authorization packages current across every framework instead of reconstructing them under deadline pressure
  • Reduce manual audit prep by automating control testing and evidence collection
  • Close open POA&M and corrective action items on a predictable cadence
  • Become the go-to person engineers check with before shipping changes that touch compliance boundaries, federal or corporate

Similar jobs