GRC Analyst – Public Sector

GRC Analyst – Public Sector WHY SOCURE? Socure is building the identity trust infrastructure for the digital economy — verifying 100% of good identities in real time and stopping fraud before it starts. The mission is big, the problems are complex, and the impact is felt by businesses, governments, and millions of people every day. We hire people who want that level of responsibility. People who move fast, think critically, act like owners, and care deeply about solving customer problems with precision. If you want predictability or narrow scope, this won’t be your place. If you want to help build the future of identity with a team that holds a high bar for itself — keep reading. ABOUT THE ROLE Socure is seeking an Analyst, GRC – Public Sector to execute and enhance the company’s governance, risk, and compliance operations for its public sector business. Reporting to the Director of GRC – Public Sector, this role drives measurable improvements in compliance efficiency and audit readiness by managing vulnerability remediation, continuous monitoring, access oversight, and evidence preparation that allow Socure to meet the rigorous standards of FedRAMP, GovRAMP, and related frameworks. The Analyst collaborates across Security, Engineering, IT, DevOps, Product, Legal, and other teams to operationalize regulatory requirements, automate workflows, and offers the opportunity to shape the GRC strategy for Socure’s fast-growing public sector business. WHAT YOU'LL DO COMPLIANCE & CERTIFICATION MANAGEMENT - Day-to-day coordination and execution of external Third Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation. - Maintain and update FedRAMP and GovRAMP controls and documentation in alignment with organizational and regulatory requirements, including controls aligned with NIST SP 800-53 rev 5 and other related frameworks. - Prepare certification and authorization packages and maintain related documentation such as the System Security Plan (SSP) and associated appendices. CONTINUOUS MONITORING & VULNERABILITY MANAGEMENT - Lead the day-to-day FedRAMP continuous monitoring process including vulnerability management lifecycle, from identification through remediation and verification, coordinating with Security, Engineering, and DevOps teams to address issues identified with tools such as Wiz, Burp Suite, AWS native services, and other platforms and resolve issues within FedRAMP and GovRAMP timelines. - Coordinate recurring continuous monitoring compliance activities such as access reviews, incident response exercises, and contingency plan testing. ACCESS MANAGEMENT & TRAINING - Oversee access controls for FedRAMP environments, including access requests, least privilege reviews and role-based access control validation and quarterly access certifications. - Design, implement and deliver FedRAMP training programs to promote compliance awareness - Create and manage automated workflows to improve efficiency. AUDIT & ASSESSMENT READINESS - Maintain compliance evidence repositories. audit preparation materials, and reporting artifacts. - Conduct internal reviews of logged events and control activities, escalating issues or gaps to the Director of GRC and provide status updates and reports highlighting trends, risks, and remediation progress. PROCESS IMPROVEMENT & COLLABORATION - Collaborate with the Director of GRC to design and implement AI-enabled compliance workflows, leveraging automation tools to streamline evidence generation, reporting, and audit readiness - Support the development, rollout, and maintenance of machine-readable compliance documentation (e.g., OSCAL or comparable structured formats) to facilitate interoperability - Partner with automation and engineering teams to integrate structured compliance data into Socure’s broader risk management and monitoring ecosystem including vulnerability remediation, access requests, and compliance reporting. ... (truncated, view full listing at source)