Software for rapid military planning: make planning fast enough for today's environment
Corporate Governance, Risk and Compliance Analyst
Location
United States
Posted
4 days ago
Salary
$160K - $200K / year
Seniority
Lead
Job Description
Corporate Governance, Risk and Compliance Analyst
Onebrief
• Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems • Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings • Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows, not bolt them on afterward • Coordinate internal assessments and external audit readiness across all applicable frameworks • Track regulatory and contractual changes and advise leadership on what they mean for Onebrief • Run risk assessments and vendor/supply chain risk reviews across both federal and corporate environments
Job Requirements
- U.S. Citizen
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
- 8+ years in cybersecurity compliance
- Hands-on expertise with RMF and at least one of CMMC 2.0 or SOC 2
- One or more of the following certifications: CISSP, CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA, CISA, ISSEP, GSLC, or GSNA
- Experience with GRC platforms, including automated evidence collection and testing (eMASS experience a plus)
Benefits
- Equity: Share in the company's success.
- Flexible Work Environment: Remote-first organization with flexible work hours and unlimited PTO.
- Comprehensive Health Coverage: Health, dental, vision, and life insurance.
- Retirement Plan: 401(k) plan with company match to secure your future.
- Parental Leave: 8 weeks at 100% regardless of state.
- Company Retreats: Annual company summit trips.
- Home Office Budget: $1,000 per year for home office improvements.
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
• Maintain and improve the QMS. • Manage controlled documents, policies, procedures, templates, and SOPs. • Coordinate document reviews, version control, approvals, and updates. • Track corrective and preventive actions (CAPA). • Support PMO governance and process standardization. • Support CMMI, CMMC, ISO 9001, ISO 20000, ISO 27001, and customer-required frameworks. • Maintain evidence repositories and compliance documentation. • Coordinate evidence collection and audit readiness. • Track remediation actions and gap assessments. • Monitor contract deliverables and reporting requirements. • Maintain compliance calendars and milestones. • Support startup, transition, and closeout activities. • Review contract requirements for operational impacts. • Track SLA, KPI, and Quality Control Plan compliance. • Plan and coordinate internal audits. • Support external certification audits. • Track findings through closure. • Prepare audit reports and executive summaries. • Review project documentation for quality and completeness. • Support governance reviews and project health assessments. • Maintain PMO templates and standards. • Capture lessons learned and improvement opportunities. • Develop dashboards for compliance, audits, certifications, contract performance, and PMO maturity. • Provide monthly executive reporting. • Maintain centralized compliance repositories. • Support document retention requirements. • Keep templates and policies current.
• Lead efforts to ensure regulatory compliance and manage compliance risk within the organization • Immerse yourself in the company’s operations and develop robust compliance frameworks • Collaborate closely with various teams to implement effective compliance programs • Conduct regular audits and provide guidance on regulatory requirements • Foster a culture of integrity and accountability, ensuring business practices uphold the highest ethical standards • Coordinate, process, and monitor license obligations for established and newly regulated igaming markets • Communicate effectively and develop strong relationships with regulatory authorities for approvals • Work closely with key stakeholders internally and externally in the regulatory landscape • Stay up to date with regulatory developments and best practices in compliance control • Identify, document, and increase efficiencies of business processes to align with compliance requirements • Develop project plans, reports, and schedules for relevant stakeholders and teams
• The Director, CDx Regulatory Consultant will be responsible for applying deep expertise in companion diagnostic regulatory strategy, IVD development, quality system expectations, and global marketing authorization pathways to advise pharmaceutical, biotechnology, and diagnostic clients on the development, clinical trial use, approval, and lifecycle management of companion diagnostics. • Translate complex FDA, EU IVDR, and other global regulatory requirements into practical, actionable strategies that support Rx Dx co-development, patient selection assays, analytical and clinical validation planning, clinical trial enabling submissions, and coordinated diagnostic and therapeutic commercialization. • Serve as the CDx regulatory subject matter expert for strategic positioning of client programs. • Proactively identify client needs by understanding the therapeutic program, biomarker strategy, intended use population, assay technology, clinical trial design, and commercial objectives. • Lead consulting engagements with pharmaceutical clients to develop global CDx regulatory strategies, integrated development roadmaps, submission pathways, and milestone-based timelines that support clinical trial execution, regulatory authorization, and commercialization objectives. • Partner cross-functionally with therapeutic development teams, diagnostic manufacturers, laboratories, biostatistics, clinical operations, quality assurance, and commercial stakeholders to ensure CDx development activities are coordinated with overall program timelines and regulatory expectations.
Senior GRC Analyst
PrizePicksPrizePicks is the fastest-growing sports company in North America according to the 2023 Inc. 5000 rankings, two years running, and the largest independent skill-based fantasy sports operator in the country.
• Own the ongoing review and maintenance of organizational security policies, standards, and procedures. Assist in identifying policy gaps based on evolving regulatory requirements, business needs, and industry best practices. • Serve as a primary cross-functional coordinator with other dedicated compliance teams (e.g., Legal, Regulatory Affairs, Internal Audit) to design and maintain a unified, strategic governance roadmap that ensures all corporate compliance activities are aligned, documented, and consistently executed across the enterprise. • Lead security risk assessments for new and renewing third-party vendors third-party vendors as part of the procurement lifecycle. Track remediation items and collaborate with stakeholders to address identified risks. • Coordinate and support the organization's annual security audits and certifications (e.g., SOC 2, PCI, CIS). Coordinate evidence collection, track action items, communicate with stakeholders, and assist with audit readiness activities. Lead cross-functional coordination with internal SMEs to support evidence collection activities with internal SMEs to support the internal evidence gathering process across multiple departments, reviewing appropriateness, tracking action items, and ensuring timely submission of required documentation. • Assist with the administration and continuous improvement of the company’s security awareness and training program, including tracking completion metrics and updating training content as needed. • Work in close partnership with Legal and Regulatory teams to interpret new and changing compliance requirements. Provide security insight to ensure corporate practices and technology align with legal and regulatory mandates. • Proactively identify and drive improvements to the efficiency, consistency, and scalability of GRC processes of GRC processes and documentation. Contribute to initiatives that enhance operational maturity and reduce organizational risk. Ensuring internal tools and processes meet control objectives and reduce organizational risk. • Maintain and help evolve risk and issues registries, tracking exceptions, risk owners, update timelines, and supporting broader risk management initiatives across Security and IT functions.



