
Junior FedRAMP Consultant - GRC Analyst I / Technical Writer
C2 Labs, Inc., New York, NY, United States
C2 Labs is looking for a Junior FedRAMP Consultant (GRC Analyst I equivalent) to support technical writing and evidence operations for FedRAMP authorization and ongoing ConMon. This is a great role if you're detail-oriented, enjoy structured writing, and want hands-on exposure to FedRAMP delivery.
What you'll do
• Support drafting and formatting of SSP/KSI artifacts, policies, and plans.
• Collect and organize evidence; maintain traceability in RegScale.
• Maintain trackers for actions, evidence requests, and POA&Ms.
• Help compile monthly/quarterly ConMon reporting inputs.
What we're looking for
• 1-3 years of experience in GRC, audit support, compliance operations, or security documentation.
• Strong written communication and attention to detail (templates, tables, and structured documents).
• Basic familiarity with NIST 800-53 concepts or willingness to learn quickly.
• Comfort working with spreadsheets and tracking artifacts across multiple stakeholders.
• Reliable follow-through and responsiveness in a fast-moving delivery environment.
Nice to have
• Associate's degree in IT, Cybersecurity, or related field.
• Any FedRAMP exposure (coursework, prior engagement support, or template familiarity).
• Experience with GRC tools (RegScale, ServiceNow GRC, Archer) and/or ticketing systems.
• Security+ or similar entry-level security certification.
Engagement details
• 1099 independent contractor (initial engagement); project-based with potential extension.
• Remote-first; minimal travel expected.
• No clearance required; must be able to pass a standard background check and sign NDA/SOW.
• Hours vary by customer phase; consistent availability during business hours is important.