Aquia Inc. Logo

Aquia Inc.

Senior GRC Specialist

Posted 2 Days Ago
Be an Early Applicant
Remote
Hiring Remotely in United States
125K-150K Annually
Senior level
Remote
Hiring Remotely in United States
125K-150K Annually
Senior level
Own GRC activities across federal IT and cybersecurity programs: manage POA&M lifecycle, support FISMA and RMF/ATO processes, prepare audit readiness, track SLAs and availability metrics, produce operational reporting, identify control gaps, and support continuous monitoring and ATO sustainment.
The summary above was generated by AI

About Aquia

Aquia is a Veteran-founded digital services firm that helps the government modernize and secure its systems and processes. Named the “#1 Best Remote Startup to Work For in 2025” by Built In and a certified “Great Place to Work” for five years in a row, we prioritize outcomes over outputs- supporting work that benefits millions of Americans.

The systems we modernize help Veterans access their earned benefits in days instead of weeks, enable investigators to double their health care fraud investigations, and help civil servants achieve system authorizations in roughly a quarter of the time. Our contributions earned us recognition as the Department of Health and Human Services (HHS) Service-Disabled Veteran-Owned Small Business of the Year in 2024.

We hire people who take ownership, raise the bar, and lift up those around them while they do it.


About the Role

All applicants must have an active Top Secret clearance to be considered for this role. Please do not apply if you do not have active Top Secret clearance.

We are seeking a Senior GRC Specialist to own governance, risk, and compliance activities across federal IT and cybersecurity programs. This role sits at the intersection of policy, operations, and accountability, requiring someone who can manage the rigor of FISMA compliance and RMF-driven authorization programs while also keeping a sharp eye on service delivery metrics, SLA performance, and audit readiness.

This is a senior individual contributor role for a practitioner who is equally comfortable drafting POA&M responses, engaging with auditors, and producing operational reporting that gives leadership clear visibility into risk and program health.


What You'll Do
  • Own and manage POA&M lifecycle activities: tracking findings, coordinating remediation, validating closure, and maintaining accurate, audit-ready documentation
  • Support FISMA compliance programs, including evidence collection, continuous monitoring, and coordination with system owners and ISSOs/ISSMs
  • Apply NIST SP 800-53 and NIST SP 800-37 (RMF) to assess control implementation, support authorization activities, and maintain system security postures
  • Manage and report on SLAs and availability metrics for IT and cybersecurity operations; surface trends, flag risks, and drive accountability against commitments
  • Develop and maintain operational reporting for internal leadership and government stakeholders — translating compliance and operational data into clear, actionable insight
  • Lead audit readiness activities: preparing teams and documentation for internal reviews, independent assessments (3PAO/IA), and government audits
  • Identify gaps in control implementation or operational processes and recommend practical, risk-informed mitigation strategies
  • Support continuous monitoring programs and contribute to ongoing ATO/cATO sustainment

Required Qualifications
  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, or a related field, with 6+ years of relevant experience; equivalent combination of education and demonstrated experience considered
  • Active Top Secret (TS) clearance required: candidates without an active TS clearance will not be considered; sponsorship is not available for this role
  • U.S. citizenship required, must be located in the US.
  • Demonstrated experience supporting FISMA compliance programs in federal environments
  • Working knowledge of NIST SP 800-53 (control families, implementation, and assessment)
  • Working knowledge of NIST SP 800-37 (Risk Management Framework) and the ATO/authorization process
  • Hands-on experience managing POA&M lifecycle: tracking, remediation coordination, evidence validation, and closure
  • Experience preparing for and supporting federal audits and security assessments, including evidence packaging, stakeholder coordination, and finding response
  • Experience managing SLAs and availability metrics in IT service delivery or cybersecurity operations environments
  • Ability to develop and maintain operational reporting that communicates performance and risk posture to technical and executive audiences
  • Experience producing clear, accurate reporting on cybersecurity operations, compliance status, and service health for government and internal stakeholders

Desired Qualifications
  • Experience with eMASS or similar GRC/authorization tracking platforms
  • Familiarity with continuous monitoring (ConMon) program management and reporting
  • Experience working alongside ISSOs, ISSMs, and Authorizing Officials in the RMF process
  • Knowledge of FedRAMP, DoD CC SRG, or agency-specific overlays (e.g., HHS, DoD, DHS)
  • Experience with ITSM platforms (ServiceNow, Jira) for tracking findings and operational workflows
  • Relevant certifications: CISSP, CISM, CAP/CGRC, Security+, or equivalent

Remote - USA
$125,000$150,000 USD

Benefits

  • Premium health care plans (90% employer-paid)
  • Employee stock plan
  • 100% 401k match (up to IRS annual max)
  • Generous PTO package
  • Personal training and development budget

Stay in touch

Sign up for our newsletter to receive updates on cloud and cybersecurity in the public sector and what's new at Aquia.

Aquia Inc. is an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Similar Jobs

9 Days Ago
In-Office or Remote
Senior level
Senior level
Artificial Intelligence • Machine Learning • Natural Language Processing • Software • Generative AI
This role involves building and scaling compliance programs, translating security and regulatory requirements into scalable solutions, and collaborating across teams, specifically in AI governance and technical compliance automation.
Top Skills: DodFedrampHipaaIso 27001Iso 42001PythonSoc 2
57 Minutes Ago
In-Office or Remote
120K-160K Annually
Mid level
120K-160K Annually
Mid level
Greentech • Hardware • Internet of Things • Machine Learning • Software • Business Intelligence • Agriculture
Drive new business and ensure customer success across Nebraska's Sandhills. Perform in-field sales, prospecting, onboarding, territory ownership, and cross-functional feedback while frequently traveling to ranches and industry events.
Top Skills: Precision AgricultureSaaSVirtual Fencing
An Hour Ago
Remote or Hybrid
United States
100K-160K Annually
Mid level
100K-160K Annually
Mid level
Cloud • Insurance • Payments • Software • Business Intelligence • App development • Big Data Analytics
Lead and grow an Infrastructure Security team securing cloud infrastructure, edge networks, and application delivery. Drive cloud security architecture, WAF/SASE/zero-trust implementations, PAM and secrets management, incident management and on-call response, KPIs/OKRs, cross-team partnerships, and continuous security process and tooling improvements.
Top Skills: AnsibleAWSAws Wafv2AzureAzure WafBeyondtrustCloudflareCyberarkDdosGCPGcp Cloud ArmorHashicorp VaultKeeperSaseTerraformZero-Trust

What you need to know about the Colorado Tech Scene

With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.

Key Facts About Colorado Tech

  • Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
  • Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
  • Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
  • Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
  • Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account