Swordhealth
GRC Analyst, Federal Programs
legal · full-time · United States
SALARY
Not listed
WORK TYPE
remote
JOB TYPE
full-time
INDUSTRY
healthcare
About the role
What you’ll be doing
- Serve as a member of Sword's GRC team, contributing to security compliance across all products and services, with primary ownership of federal programs;
- Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible;
- Map NIST SP 800-171 practices to Sword's current environment and produce a clear, evidence-based gap analysis;
- Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers;
- Build and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment;
- Serve as Sword's primary interface with the C3PAO and assessment team during formal CMMC assessments;
- Drive FedRAMP readiness in parallel, including control documentation, evidence collection, and continuous monitoring;
- Contribute to audits and compliance activities across other active frameworks, including SOC 2 and HITRUST, as part of Sword's broader GRC program.
What you need to have
- 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP;
- Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort;
- Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements;
- Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision;
- Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams;
- Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments;
- US citizenship required;
- Ability to obtain a federal Public Trust designation if required by a sponsoring.