GRC Analyst, Federal Programs

4 hours, 35 minutes ago
Full-time
Senior
Cybersecurity
SWORD Health

SWORD Health provides AI-powered digital physical therapy solutions designed to prevent pain, support recovery, and enhance overall health, while also aiming to transform the rehabilitation industry through innovative technology and clinical oversight.

Health Care Providers & Services
251-1K employees
Founded 2015
$324M raised

Description

  • Serve as a member of the GRC team supporting security compliance across Sword's products and services, with primary ownership of federal programs.
  • Define and maintain the CMMC assessment boundary in coordination with infrastructure, engineering, and business teams.
  • Map NIST SP 800-171 practices to the current environment and produce evidence-based gap analyses.
  • Translate compliance gaps into prioritized remediation tasks with clear ownership for technical and non-technical stakeholders.
  • Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and related assessment artifacts.
  • Serve as the primary point of contact for external auditors and assessors during CMMC assessment cycles.
  • Drive FedRAMP readiness, including control documentation, evidence collection, and continuous monitoring.
  • Contribute to audits and compliance work across other frameworks such as SOC 2 and HITRUST.

Requirements

  • 5+ years of hands-on experience in GRC, compliance, or security.
  • At least 3 years of experience focused on federal compliance frameworks such as CMMC or FedRAMP.
  • Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort.
  • Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements.
  • Ability to produce compliance documentation such as SSPs, POA&Ms, gap analyses, and control narratives without heavy supervision.
  • Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams.
  • Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments.
  • US citizenship is required.
  • Ability to obtain a federal Public Trust designation if required by a sponsoring agency.
  • CMMC Certified Professional (CCP) credential or active pursuit of it is preferred.
  • CMMC Certified Assessor (CCA) credential is preferred.
  • Hands-on experience with FedRAMP authorization packages, continuous monitoring, and agency ATO processes is preferred.
  • Background in defense contracting or regulated health tech environments is preferred.
  • Experience working across multiple compliance frameworks simultaneously, such as HITRUST, SOC 2, or ISO 27001, is preferred.
  • Familiarity with GRC platforms such as Hyperproof, Drata, or Vanta is preferred.

Benefits

  • $101,500 - $159,500 a year base compensation, with variable pay and equity included in the range.
  • Comprehensive health, dental, and vision insurance.
  • Life and AD&D insurance.
  • Financial advisory services and supplemental insurance benefits.
  • Health Savings Account (HSA).
  • Equity shares.
  • Discretionary PTO plan.
  • Parental leave.
  • 401(k) retirement plan.
  • Flexible working hours and a remote-first work environment.
  • Paid company holidays.
  • Free digital therapist for you and your family.
