Product GRC SME

Summary

Join Vanta's Security organization as a GRC Subject Matter Expert to develop GRC solutions for global federal and public sector customers, focusing on FedRAMP authorization and continuous monitoring. You will act as a bridge between Product Management, customers, and compliance stakeholders, ensuring solutions align with key federal security and privacy frameworks. Responsibilities include developing new federal compliance frameworks (with a FedRAMP focus), optimizing GRC content for V4G, analyzing feedback, collaborating across teams for federal solutions, and partnering with Product for federal innovation. Success in this role requires 5-7+ years of experience in GRC and/or Information Security with significant direct experience in federal government compliance programs, particularly FedRAMP. Strong comprehension, communication, and collaboration skills are essential, along with a deep technical understanding of federal security and compliance, especially FedRAMP. Attention to detail, analytical skills, and proficiency in MS Excel/Google Sheets are also required. The ideal candidate is self-motivated, independent, helpful, resourceful, and adaptable in a fast-paced environment.

Requirements

• 5-7+ years of experience in GRC and/or Information Security with significant direct experience focusing on federal government compliance programs, particularly FedRAMP authorization processes and continuous monitoring. Experience working for or with a Cloud Service Provider (CSP) pursuing FedRAMP, a 3PAO, or a federal agency is a strong plus
• Strong comprehension, communication, and collaboration skills – Ability to grasp core GRC concepts, apply them effectively across tasks, and clearly communicate findings to GRC Content Engineers, Product Managers, and non-technical stakeholders within the federal ecosystem, including government officials and 3PAOs
• Deep technical understanding of federal security and compliance, especially FedRAMP – Familiarity with industry frameworks such asFedRAMP (all baselines), CMMC (all levels), NIST 800-53, FIPS, and DFARS. Expert-level knowledge of FedRAMP requirements, documentation standards, and the JAB/Agency authorization process is highly desirable. Having a technical background (e.g., Federal Security Engineer, ISSO, Auditor, ATO specialist, or FedRAMP Assessor) is a plus, but not required
• Attention to detail and analytical mindset – Comfortable working with federal cybersecurity frameworks, detailed control mappings, and specific evidence requirements with precision and consistency, particularly within the rigorous context of FedRAMP
• Proficiency in MS Excel/Google Sheets – Ability to organize large data-sets, use lookup functions, and create pivot tables
• Self-motivated and independent – Able to work autonomously while contributing to team success
• Helpful and resourceful – Willing & excited to support cross-functional teams and improve compliance content
• Adaptable in a fast-paced environment – Skilled at managing change, solving problems proactively, and taking initiative

Responsibilities

• Develop New Federal Compliance Frameworks, with a FedRAMP Focus – Lead building new security, privacy, and risk management frameworks for end-users, , with a strong focus on FedRAMP (all baselines - Low, Moderate, High), CMMC, and NIST 800-53. This includes developing content to support the creation and maintenance of FedRAMP Authorization Packages (e.g., System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms), Security Assessment Reports (SARs))
• Optimize GRC Content for V4G – Map evidence requirements, improve control descriptions, write policies, risk scenarios, implementation guidance to enhance clarity and usability for federal compliance, with a particular emphasis on streamlining processes for FedRAMP authorization and continuous monitoring within the V4G platform. Help to develop AI features to support these efforts
• Analyze Feedback – Identify and resolve issues with control mappings, evidence requirements, and framework content based on input from federal agencies, authorized third-party assessment organizations (3PAOs), and government auditors. Act as a subject matter expert during engagements related to FedRAMP assessments and audits
• Collaborate Across Teams for Federal Solutions – Work with software engineers, product designers, and customer-facing teams to ensure that GRC content is appropriately integrated into Vanta’s platform and meets end-user needs and V4G requirements, especially those pertaining to FedRAMP
• Partner with Product for Federal Innovation – Work closely with our Product team to advise on the development of new GRC features in the platform, driving innovation for Vanta for Government (V4G) and enhancing our capabilities for FedRAMP readiness and ongoing compliance

Preferred Qualifications

Security certifications or formal education preferred – Certifications like CAP, CISA, CISSP-ISSEP, Certified CMMC Professional (CCP), or FedRAMP Provisional Assessor are a plus but not required

Benefits

• Industry-competitive compensation
• 100% covered medical, dental, and vision benefits with dependents coverage
• 16 weeks fully-paid parental Leave for all new parents
• Health & wellness and remote workplace stipends
• Family planning benefits through Carrot Fertility
• 401(k) matching
• Flexible work hours and location
• Open PTO policy
• 11 paid holidays in the US
• Offices in SF, NYC, London, Dublin, and Sydney