C
Senior FedRAMP Consultant (GRC Analyst III)
c2 labs
6h ago
0OtherRemote, USjobspy_indeed
remoteindeed
Job Description
**C2 Labs** is hiring a **Senior FedRAMP Consultant (GRC Analyst III equivalent)** to act as a lead technical writer for FedRAMP authorization packages and ongoing ConMon operations. If you can translate real\-world cloud security implementations into crisp FedRAMP documentation—and you care about making ConMon sustainable—this is a strong fit.
**What you’ll do**
* Lead drafting of FedRAMP artifacts (20X KSI summaries and/or legacy SSP/policies/plans) and drive iterations to completion.
* Maintain control/KSI\-to\-evidence traceability in RegScale and keep the evidence library audit\-ready.
* Partner with cloud architecture/security engineering resources to ensure technical accuracy.
* Support assessor/sponsor readiness: walkthroughs, responses, and updates.
**Role summary**
Lead author and coordinator for FedRAMP documentation and evidence traceability. This role functions as a technical writer with security and cloud fluency—able to capture architecture and control/KSI implementations from engineering teams and translate them into FedRAMP artifacts. The Senior Consultant owns the quality of first drafts and mentors junior writers.
**Key responsibilities**
* Lead customer interviews/workshops to capture system boundary, data flows, shared responsibility model, and control/KSI implementations.
* Draft and iterate FedRAMP artifacts (e.g., 20X KSI implementation summaries and/or legacy SSP sections, policies, and plans).
* Build and maintain traceability between controls/KSIs, evidence, validation methods, and ConMon cadence in RegScale.
* Coordinate evidence collection and organize artifacts into a clean evidence library aligned to the package structure.
* Partner with the Cloud Architect and Security Engineer to ensure technical accuracy of narratives and diagrams.
* Support assessment readiness: conduct package walkthroughs, respond to questions, and update artifacts based on feedback.
* Mentor Junior Consultants on writing standards, template fidelity, and evidence hygiene.
**Key deliverables / outputs**
* FedRAMP first drafts of major package artifacts (KSI summaries and/or SSP sections).
* Policy and plan artifacts aligned to FedRAMP expectations (e.g., IRP, CP, CMP, ISCM, Rules of Behavior as required).
* Control/KSI\-to\-evidence traceability in RegScale with validation cadence documented.
* Assessment\-ready evidence library with consistent naming/versioning and completeness checks.
**Required qualifications**
* 5\+ years experience in GRC/compliance, security documentation, or audit support roles.
* Security certification (CISSP, CISM, CCSP)
* Demonstrated technical writing capability: can produce clear, consistent narratives for complex systems and controls.
* Working knowledge of NIST 800\-53 controls and evidence expectations; familiarity with FedRAMP package structure and templates.
* Comfort collaborating with engineers and architects to accurately describe technical implementation
