Senior FedRAMP Consultant — GRC Analyst III / Lead Technical Writer - Remote

Overview

C2 Labs is hiring a Senior FedRAMP Consultant (GRC Analyst III equivalent) to act as a lead technical writer for FedRAMP authorization packages and ongoing ConMon operations. If you can translate real-world cloud security implementations into crisp FedRAMP documentation—and you care about making ConMon sustainable—this is a strong fit.

In Short

• Lead drafting of FedRAMP artifacts (20X KSI summaries and/or legacy SSP/policies/plans) and drive iterations to completion.
• Maintain control/KSI-to-evidence traceability in RegScale and keep the evidence library audit-ready.
• Partner with cloud architecture/security engineering resources to ensure technical accuracy.
• Support assessor/sponsor readiness: walkthroughs, responses, and updates.
• 5+ years experience in GRC/compliance, security documentation, or audit support roles.
• Security certification (CISSP, CISM, CCSP).
• Demonstrated technical writing capability: can produce clear, consistent narratives for complex systems and controls.
• Working knowledge of NIST 800-53 controls and evidence expectations; familiarity with FedRAMP package structure and templates.
• Comfort collaborating with engineers and architects to accurately describe technical implementations.
• Strong attention to detail (templates, cross-references, tables, and evidence mapping).

Requirements

• Bachelors degree in IT, Cybersecurity, or related field.
• Prior experience drafting FedRAMP SSPs and/or supporting artifacts (Low/Moderate/High).
• Experience with FedRAMP 20X concepts (KSIs, validation cycles, automation-first evidence).
• Experience working in RegScale or similar GRC tools.
• Audit-related experience.

Benefits

• 1099 independent contractor (initial engagement); project-based with potential extension into ConMon operations.
• Remote-first; occasional workshops may be requested (typically minimal travel).
• No clearance required; must be able to pass a standard background check and sign NDA/SOW.
• Hours scale with customer phase (heavy during package drafting; lighter during steady-state ConMon).