> job detail

Senior GRC Analyst (NIST/GovRAMP/FedRAMP)

Career Team Enterprises · Philippines - Remote
// classified as
Other (Adjacent or hard to classify.)
posted
1d ago
location
Philippines - Remote
languages
—
tools
—
> description
<p data-start="149" data-end="212"></p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">It's not just about the policies; it's about the mission!</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">At Career TEAM, we work to <em>accelerate the human condition.</em> Our award-winning portal, Career EDGE, transforms lives across the U.S.—and behind every secure, compliant experience is a governance expert like you.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">We are looking for a Senior GRC Analyst with deep experience in GovRAMP, FedRAMP, NIST 800-53, and SOC 2 to join our growing security and compliance team. You'll take ownership of core elements of our GRC program—the documentation, vendor risk, and policy work that keeps Career EDGE audit-ready and trusted by the state agencies we serve. This is a senior, self-directed role for someone who knows what good looks like, raises the bar on what's already in place, and treats compliance documentation as a craft rather than a checkbox.</p> <h4 class="text-text-100 mt-2 -mb-1 text-base font-bold"><strong>Why Join Us?</strong></h4> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">By joining this incredible company, you will be:</p> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">A senior individual contributor with real ownership over a defined portion of our GRC program.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Maturing the documentation backbone (SSPs, policies, POA&amp;Ms, risk register, vendor program) that powers our GovRAMP, FedRAMP, and state authorization efforts.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Working on 
a product that directly helps thousands of individuals access workforce and educational services.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Partnering directly with security leadership, engineering, and executive stakeholders—no layers, no hand-holding.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Driving continuous improvement of policies, controls, and evidence collection across the organization.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Enjoy a fully remote work environment.</li> </ul> <h4 class="text-text-100 mt-2 -mb-1 text-base font-bold"><strong>Your Impact on Career TEAM's Success:</strong></h4> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">As a Senior GRC Analyst, your focus will be deeply hands-on and ownership-oriented:</p> <h5 class="text-text-100 mt-2 -mb-1 text-base font-bold"><strong>Compliance Program Ownership</strong></h5> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Maintain and continuously improve the System Security Plan (SSP), policies, procedures, and standards aligned to NIST 800-53 and SOC 2.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Own the Plan of Action and Milestones (POA&amp;M) lifecycle: tracking, aging, remediation evidence, and monthly continuous monitoring deliverables.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Manage the control evidence catalog—what evidence exists, where it lives, when it was last refreshed, and what's coming up for renewal.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Coordinate with the U.S. 
security team and 3PAOs to support GovRAMP, FedRAMP, and state-level (TX-RAMP, ) authorization and continuous monitoring activities.</li> </ul> <h5 class="text-text-100 mt-2 -mb-1 text-base font-bold"><strong>Risk, Vendor &amp; Subcontractor Management</strong></h5> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Run our third-party risk management program end-to-end: security questionnaires, due diligence, contract review, recurring reassessments.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Maintain the enterprise risk register, facilitate risk acceptance decisions, and translate technical risk into business language for executives.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Administer subcontractor flow-down obligations and PII safeguarding certifications across all relevant agreements.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Track contractual security obligations across state customer contracts and ensure we meet every commitment on schedule.</li> </ul> <h5 class="text-text-100 mt-2 -mb-1 text-base font-bold"><strong>Policy, Training &amp; Awareness</strong></h5> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Maintain and version-control our policy library—written in plain English, not boilerplate.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Run our security awareness training program, phishing simulations, and Rules of Behavior administration.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Author tabletop 
exercise scenarios, facilitate exercises, and produce after-action reports with concrete remediation owners.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Partner with HR and IT on onboarding and offboarding security checklists, access reviews, and acceptable use enforcement.</li> </ul> <h4 class="text-text-100 mt-2 -mb-1 text-base font-bold"><strong>What We're Looking For:</strong></h4> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Located in the Philippines with night shift work hours (to overlap with U.S. team).</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">7+ years of hands-on GRC experience, with at least 3 years dedicated to FedRAMP, GovRAMP, StateRAMP, TX-RAMP, or CMMC programs at a SaaS company.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Demonstrated track record authoring SSPs, POA&amp;Ms, and continuous monitoring deliverables for a successful authorization—not just contributing to someone else's work.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Deep working knowledge of NIST 800-53, NIST 800-171, FIPS 199/200, SOC 2 (Type II), and the practical realities of audit evidence collection.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Self-starter who can walk into an existing program, identify what needs to mature, and deliver without daily direction. 
You'll know you're a fit if "figure it out and make it better" sounds like a feature, not a bug.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Exceptional written English—your documents will be read by state auditors, executives, and 3PAOs.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Experience running a third-party risk management program and managing vendor security reviews at volume.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Bachelor's degree in Cybersecurity, Information Systems, or a related field; relevant certifications (CISSP, CISA, CRISC, CGRC/CAP, ISO 27001 Lead Implementer) are a strong plus.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Bonus: experience with GRC tooling (Drata, Vanta, Hyperproof, ServiceNow GRC) and prior work with U.S. state government customers.</li> </ul> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Ready to bring rigor and craft to a compliance program that earns trust at every audit?</strong> Apply today and help us prove that doing the right thing—and documenting it well—is what makes lives change at scale.</p><div class="content-conclusion"><p><strong>About Career TEAM:</strong><br>Founded in 1996, Career TEAM is a socially conscious organization that seeks to close the nation’s opportunity divide through government-funded workforce development programs designed to help individuals get the skills, knowledge, and resources needed to obtain quality employment.&nbsp; In addition to administering these programs, Career TEAM develops and leverages cutting-edge software tools to ignite transformative change within the workforce development industry.&nbsp; Career TEAM is revolutionizing the operational landscape for workforce development professionals through its Career Edge platform, which includes state-of-the-art job training tools and advanced case management 
systems.&nbsp; For more information see <a href="https://www.careeredge.com">www.careeredge.com</a> and <a href="https://www.careerteam.com">www.careerteam.com</a>.</p> <p>Career TEAM’s outstanding record has resulted in numerous honors, including:</p> <ul> <li>Named by Inc. Magazine as one of America's 500 fastest growing privately held companies</li> <li>Recipient of the US Chamber of Commerce Blue Chip Enterprise Award for innovation</li> <li>Featured by 60 Minutes, CNN, Money Magazine, Inc. Magazine and the British Broadcasting Network as an innovative, government funded solutions program</li> <li>Invited to the White House after being cited by the National Welfare-to-Work Partnership and National Alliance of Business as a top 10 US training provider</li> </ul> <p><strong>Career Team is an Equal Opportunity Employer.&nbsp;</strong> All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.</p> <p><strong>Background Check Requirements. </strong>Employment is contingent upon successful completion of a background check (including criminal, prior employment and education verification). Failure to satisfactorily complete the background check may affect the application status of applicants or continued employment of current employees who apply for the position.</p> <p>&nbsp;</p></div>