GRC Analyst – Public Sector jobs in United States

Socure · 2 months ago

GRC Analyst – Public Sector

Socure is building the identity trust infrastructure for the digital economy, and they are seeking an Analyst, GRC – Public Sector to enhance their governance, risk, and compliance operations. This role involves managing vulnerability remediation, continuous monitoring, and ensuring compliance with regulatory standards for the public sector business.

Artificial Intelligence (AI), Cyber Security, Fraud Detection, Identity Management, Information Services, Information Technology, Machine Learning, Predictive Analytics
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Day-to-day coordination and execution of external Third Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation
Maintain and update FedRAMP and GovRAMP controls and documentation in alignment with organizational and regulatory requirements, including controls aligned with NIST SP 800-53 rev 5 and other related frameworks
Prepare certification and authorization packages and maintain related documentation such as the System Security Plan (SSP) and associated appendices
Lead the day-to-day FedRAMP continuous monitoring process, including the vulnerability management lifecycle from identification through remediation and verification; coordinate with Security, Engineering, and DevOps teams to address issues identified by tools such as Wiz, Burp Suite, AWS native services, and other platforms, and resolve them within FedRAMP and GovRAMP timelines
Coordinate recurring continuous monitoring compliance activities such as access reviews, incident response exercises, and contingency plan testing
Oversee access controls for FedRAMP environments, including access requests, least privilege reviews, role-based access control validation, and quarterly access certifications
Design, implement and deliver FedRAMP training programs to promote compliance awareness
Create and manage automated workflows to improve efficiency
Maintain compliance evidence repositories, audit preparation materials, and reporting artifacts
Conduct internal reviews of logged events and control activities, escalating issues or gaps to the Director of GRC and providing status updates and reports that highlight trends, risks, and remediation progress
Collaborate with the Director of GRC to design and implement AI-enabled compliance workflows, leveraging automation tools to streamline evidence generation, reporting, and audit readiness
Support the development, rollout, and maintenance of machine-readable compliance documentation (e.g., OSCAL or comparable structured formats) to facilitate interoperability
Partner with automation and engineering teams to integrate structured compliance data into Socure’s broader risk management and monitoring ecosystem including vulnerability remediation, access requests, and compliance reporting
Monitor regulatory and industry trends for potential impacts to compliance strategy
Serve as a security subject matter expert for public sector sales activities, including prospect briefings, RFP/RFQ responses, contract negotiations, and integration discussions
Support development of external communications such as press releases and customer-facing materials related to security certifications and authorizations
Monitor new and evolving requirements and perform gap analyses, including updates to applicable NIST Special Publications and other government standards, contract security requirements from new customers, and updates to FedRAMP Program requirements and processes as the program evolves
Provide input to standards bodies on evolving standards when applicable

Qualifications

FedRAMP, GovRAMP, NIST frameworks, Continuous monitoring, Vulnerability management, Compliance reporting, AI tools, Machine-readable formats, Professional certifications, Communication skills, Organizational skills, Collaboration skills, Adaptability

Required

5+ years of cybersecurity or identity management experience, including 1+ year in the public sector
Direct experience with FedRAMP, GovRAMP, and NIST frameworks (800-53, 800-63, 800-171)
Proven ability to manage continuous monitoring, vulnerability remediation, and compliance reporting
Experience using AI tools (e.g., ChatGPT, Glean, Gemini) and machine-readable formats (e.g., OSCAL) to automate and streamline compliance processes
Strong communication, organization, and collaboration skills with the ability to manage multiple priorities
Ability to adapt to changing requirements
Must be a U.S. Person (U.S. Citizens or U.S. Permanent Residents) residing in the United States and be able to obtain a U.S. OPM NACI clearance

Preferred

Experience in regulated industries (e.g., financial services, healthcare) and knowledge of privacy and compliance frameworks such as GDPR, CCPA, and key NIST standards
Professional certifications preferred (CISSP, CISM, CISA, IAPP)
Proven success leading certification and compliance initiatives (FedRAMP, GovRAMP, NIST 800-63/171)
Skilled in continuous monitoring, vulnerability management, policy updates, and audit coordination across cross-functional teams
Strong understanding of evolving cybersecurity standards and digital identity regulations, with the ability to translate them into practical risk and compliance improvements

Company

Socure is a predictive analytics platform for digital identity verification of consumers.

Funding

Current Stage: Late Stage
Total Funding: $744.4M
Key Investors: Capital One Ventures, Accel, Sorenson Ventures
2023-03-08 · Debt Financing · $95M
2021-11-09 · Series E · $450M
2021-06-03 · Series Unknown

Leadership Team

Johnny Ayers, Founder & CEO
Matt King, Director, GRC - Public Sector
Company data provided by crunchbase