Company hidden
2 days ago

GRC Analyst (Federal Programs)

101 500 - 159 500$
Work format
remote (USA only)
Employment type
fulltime
Grade
senior
English
b2
Country
US

Job description

TL;DR

GRC Analyst (Federal Programs): Own the end-to-end CMMC certification and drive FedRAMP readiness for an AI-native healthcare platform, with an emphasis on security compliance and federal regulatory frameworks. The focus is on mapping NIST SP 800-171 practices, building System Security Plans (SSP), and coordinating cross-functional remediation to ensure assessment readiness.

Location: Remote (Must be a US citizen and based in the United States)

Salary: $101,500 - $159,500 per year

Company

hirify.global is an AI-native healthcare company pioneering AI Care to provide real-time treatment and medical reasoning at scale.

What you will do

  • Own the end-to-end CMMC journey, from scoping and gap analysis to assessment readiness.
  • Drive FedRAMP readiness, including control documentation, evidence collection, and continuous monitoring.
  • Define and maintain the CMMC assessment boundary across infrastructure, engineering, and business teams.
  • Build and maintain critical compliance artifacts, including the System Security Plan (SSP) and Plan of Action and Milestones (POA&M).
  • Serve as the primary point of contact for C3PAOs and external auditors during formal assessments.
  • Contribute to broader GRC activities, including SOC 2 and HITRUST frameworks.

Requirements

  • US citizenship required.
  • Must have legal right to work in the United States (no visa sponsorship provided).
  • 5+ years of experience in GRC, compliance, or security, with 3+ years specifically in federal frameworks (CMMC or FedRAMP).
  • Deep knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling.
  • Proven ability to produce SSPs, POA&Ms, and gap analyses independently.
  • Experience communicating technical compliance requirements to non-technical business leaders.

Nice to have

  • CMMC Certified Professional (CCP) or Certified Assessor (CCA) credentials.
  • Hands-on experience with FedRAMP authorization packages and agency ATO processes.
  • Background in defense contracting or regulated health tech environments.
  • Experience with GRC platforms like Hyperproof, Drata, or Vanta.

Culture & Benefits

  • Remote-first work environment with flexible working hours.
  • Comprehensive health, dental, and vision insurance.
  • Equity shares and 401(k) plan.
  • Discretionary PTO and paid company holidays.
  • Free digital therapist for employees and their families.

Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code/password, or run code/software, do not do it; these are scammers. Be sure to click "Report" or write to support.