Senior FedRAMP Consultant — GRC Analyst III / Lead Technical Writer

C2 Labs
1 day ago
Contract
Remote
United States

C2 Labs is hiring a Senior FedRAMP Consultant (GRC Analyst III equivalent) to act as a lead technical writer for FedRAMP authorization packages and ongoing ConMon operations. If you can translate real-world cloud security implementations into crisp FedRAMP documentation—and you care about making ConMon sustainable—this is a strong fit.

What you’ll do

· Lead drafting of FedRAMP artifacts (20X KSI summaries and/or legacy SSP/policies/plans) and drive iterations to completion.
· Maintain control/KSI-to-evidence traceability in RegScale and keep the evidence library audit-ready.
· Partner with cloud architecture/security engineering resources to ensure technical accuracy.
· Support assessor/sponsor readiness: walkthroughs, responses, and updates.

What we’re looking for

· 5+ years of experience in GRC/compliance, security documentation, or audit support roles.
· Security certification (CISSP, CISM, CCSP).
· Demonstrated technical writing capability: can produce clear, consistent narratives for complex systems and controls.
· Working knowledge of NIST 800-53 controls and evidence expectations; familiarity with FedRAMP package structure and templates.
· Comfort collaborating with engineers and architects to accurately describe technical implementations.
· Strong attention to detail (templates, cross-references, tables, and evidence mapping).

Nice to have

· Bachelor's degree in IT, Cybersecurity, or related field.
· Prior experience drafting FedRAMP SSPs and/or supporting artifacts (Low/Moderate/High).
· Experience with FedRAMP 20X concepts (KSIs, validation cycles, automation-first evidence).
· Experience working in RegScale or similar GRC tools.
· Audit-related experience.

Engagement details

· 1099 independent contractor (initial engagement); project-based with potential extension into ConMon operations.
· Remote-first; occasional workshops may be requested (typically minimal travel).
· No clearance required; must be able to pass a standard background check and sign NDA/SOW.
· Hours scale with customer phase (heavy during package drafting; lighter during steady-state ConMon).