Senior FedRAMP Consultant — GRC Analyst III / Lead Technical Writer
C2 Labs, Inc., Washington, District of Columbia, United States
C2 Labs is hiring a Senior FedRAMP Consultant (GRC Analyst III equivalent) to act as a lead technical writer for FedRAMP authorization packages and ongoing ConMon operations. If you can translate real-world cloud security implementations into crisp FedRAMP documentation—and you care about making ConMon sustainable—this is a strong fit.
What you’ll do
Lead drafting of FedRAMP artifacts (20X KSI summaries and/or legacy SSP/policies/plans) and drive iterations to completion.
Maintain control/KSI-to-evidence traceability in RegScale and keep the evidence library audit‑ready.
Partner with cloud architecture/security engineering resources to ensure technical accuracy.
Support assessor/sponsor readiness: walkthroughs, responses, and updates.
What we’re looking for
5+ years experience in GRC/compliance, security documentation, or audit support roles.
Security certification (CISSP, CISM, CCSP)
Demonstrated technical writing capability: can produce clear, consistent narratives for complex systems and controls.
Working knowledge of NIST 800-53 controls and evidence expectations; familiarity with FedRAMP package structure and templates.
Comfort collaborating with engineers and architects to accurately describe technical implementations.
Strong attention to detail (templates, cross‑references, tables, and evidence mapping).
Nice to have
Bachelor's degree in IT, Cybersecurity, or related field
Prior experience drafting FedRAMP SSPs and/or supporting artifacts (Low/Moderate/High).
Experience with FedRAMP 20X concepts (KSIs, validation cycles, automation‑first evidence).
Experience working in RegScale or similar GRC tools.
Audit‑related experience.
Engagement details
1099 independent contractor (initial engagement); project-based with potential extension into ConMon operations.
Remote‑first; occasional workshops may be requested (typically minimal travel).
No clearance required; must be able to pass a standard background check and sign NDA/SOW.
Hours scale with customer phase (heavy during package drafting; lighter during steady‑state ConMon).
#J-18808-Ljbffr
What you’ll do
Lead drafting of FedRAMP artifacts (20X KSI summaries and/or legacy SSP/policies/plans) and drive iterations to completion.
Maintain control/KSI-to-evidence traceability in RegScale and keep the evidence library audit‑ready.
Partner with cloud architecture/security engineering resources to ensure technical accuracy.
Support assessor/sponsor readiness: walkthroughs, responses, and updates.
What we’re looking for
5+ years experience in GRC/compliance, security documentation, or audit support roles.
Security certification (CISSP, CISM, CCSP)
Demonstrated technical writing capability: can produce clear, consistent narratives for complex systems and controls.
Working knowledge of NIST 800-53 controls and evidence expectations; familiarity with FedRAMP package structure and templates.
Comfort collaborating with engineers and architects to accurately describe technical implementations.
Strong attention to detail (templates, cross‑references, tables, and evidence mapping).
Nice to have
Bachelor's degree in IT, Cybersecurity, or related field
Prior experience drafting FedRAMP SSPs and/or supporting artifacts (Low/Moderate/High).
Experience with FedRAMP 20X concepts (KSIs, validation cycles, automation‑first evidence).
Experience working in RegScale or similar GRC tools.
Audit‑related experience.
Engagement details
1099 independent contractor (initial engagement); project-based with potential extension into ConMon operations.
Remote‑first; occasional workshops may be requested (typically minimal travel).
No clearance required; must be able to pass a standard background check and sign NDA/SOW.
Hours scale with customer phase (heavy during package drafting; lighter during steady‑state ConMon).
#J-18808-Ljbffr