Senior GRC Analyst
Philippines
Job Description
About Career TEAM: Founded in 1996, Career TEAM is a socially conscious organization dedicated to closing the opportunity divide through government-funded workforce development programs. Our award-winning portal, Career EDGE, leverages cutting-edge software to transform lives across the U.S. Behind every secure, compliant experience on our platform is a robust governance framework trusted by state agencies nationwide.
Position Overview
We are seeking a highly autonomous Senior GRC Analyst to take ownership of core elements within our security and compliance program. Operating entirely remotely from the Philippines, you will mature the documentation backbone that powers our GovRAMP, FedRAMP, and state-level authorizations. This is a senior, self-directed role designed for an expert who treats compliance documentation as a craft rather than a checkbox, partnering directly with security leadership and engineering to drive continuous improvement.
Key Responsibilities
- Compliance Program Ownership: Maintain and continuously improve the System Security Plan (SSP), policies, procedures, and standards aligned to NIST 800-53 and SOC 2 frameworks.
- POA&M & Evidence Lifecycle: Manage the Plan of Action and Milestones (POA&M) lifecycle, track remediation evidence, and coordinate monthly continuous monitoring deliverables with the U.S. security team and 3PAOs.
- Third-Party Risk Management: Run the vendor risk program end-to-end, evaluating security questionnaires, conducting due diligence, and enforcing subcontractor flow-down obligations.
- Enterprise Risk Maintenance: Maintain the enterprise risk register, facilitate risk acceptance decisions, and translate technical cyber risks into business impact for executive stakeholders.
- Policy & Awareness Administration: Version-control the policy library, administer security awareness training, conduct phishing simulations, and author tabletop exercise scenarios.
Required Skills & Qualifications
- 7+ years of hands-on GRC experience, with a strict minimum of 3 years dedicated to FedRAMP, GovRAMP, StateRAMP, TX-RAMP, or CMMC programs within a SaaS environment.
- Demonstrated track record of independently authoring SSPs, POA&Ms, and continuous monitoring deliverables for successful authorizations.
- Deep working knowledge of NIST 800-53, NIST 800-171, FIPS 199/200, and SOC 2 (Type II) frameworks.
- Exceptional written English proficiency, ensuring documents meet the rigorous standards of state auditors, executives, and 3PAOs.
- Location & Shift Context: Must be permanently located in the Philippines and fully available to work a dedicated night shift to maintain overlap with the U.S. team.
Preferred Strategic Indicators (Nice to Have)
- Bachelor’s degree in Cybersecurity, Information Systems, or a related field.
- Relevant industry certifications such as CISSP, CISA, CRISC, CGRC/CAP, or ISO 27001 Lead Implementer.
- Hands-on experience with modern GRC tooling (Drata, Vanta, Hyperproof, ServiceNow GRC) and prior work dealing with U.S. state government customers.
What We Offer
- The opportunity to act as a senior individual contributor with real, unlayered ownership over a defined portion of a high-stakes GRC program.
- A fully remote work environment built on trust, continuous improvement, and high accountability.
- Direct impact on a product that actively helps thousands of individuals access crucial workforce and educational services.
- Direct partnership with executive leadership and engineering—no micromanagement, no excessive layers.