Junior FedRAMP Consultant (GRC Analyst I)

C2 Labs, Inc.

Knoxville, TN

JOB DETAILS
SKILLS
Analysis Skills, Artificial Intelligence (AI), Background Investigation, CompTIA Security+, Consulting, Detail Oriented, Documentation, Follow Through, Information Technology & Information Systems, Internet Security, Meeting Minutes, Microsoft Excel, Microsoft SharePoint, Microsoft Word, Operational Support, Operations Security (OPSEC), Risk, ServiceNow, Source Code/Configuration Management (SCM), Spreadsheets, Statement of Work (SOW), Technical Support, Technical Writing, Traceability, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
Knoxville, TN
POSTED
6 days ago

C2 Labs is looking for a Junior FedRAMP Consultant (GRC Analyst I) to support technical writing and evidence operations for FedRAMP authorization and ongoing ConMon. This is a great role if you’re detail-oriented, enjoy structured writing, and want hands-on exposure to FedRAMP delivery.

What you’ll do

• Support drafting and formatting of SSP/KSI artifacts, policies, and plans.

• Collect and organize evidence; maintain traceability in RegScale.

• Maintain trackers for actions, evidence requests, and POA&Ms.

• Help compile monthly/quarterly ConMon reporting inputs.

Role summary

Support package development and ConMon operations through structured documentation, evidence operations, and coordination support. This role is ideal for a junior GRC professional who is a strong writer and wants to build FedRAMP experience in a delivery team.

Key responsibilities

• Support drafting and formatting of FedRAMP artifacts (SSP sections, KSI summaries, policies, plans, appendices) under Senior Consultant guidance.

• Collect, organize, and quality-check evidence artifacts (naming standards, version control, completeness) and link evidence in RegScale.

• Maintain trackers for open actions, evidence requests, POA&M items, and deliverable status.

• Capture meeting notes and translate outcomes into updated documents, RegScale tasks, or action items.

• Support ConMon deliverables: compile scan outputs, update inventories/POA&Ms, and prepare monthly/quarterly reporting packages.

• Perform internal quality checks for template fidelity, cross-references, and completeness before SME review.

Key deliverables / outputs

• Well-formatted draft artifacts and appendices ready for Senior/SME review.

• Clean evidence library with links and traceability maintained in RegScale.

• Up-to-date action/evidence/POA&M trackers and ConMon reporting inputs.

Required qualifications

• Associates degree in IT, Cybersecurity, or related field 

• 1–3 years experience in GRC, audit support, compliance operations, or security documentation.

• Strong written communication and attention to detail (templates, tables, and structured documents).

• Basic familiarity with NIST 800-53 concepts or willingness to learn quickly.

• Comfort working with spreadsheets and tracking artifacts across multiple stakeholders.

• Reliable follow-through and responsiveness in a fast-moving delivery environment.

Preferred / nice to have

• Any FedRAMP exposure (coursework, prior engagement support, or template familiarity).

• Experience with GRC tools (RegScale, ServiceNow GRC, Archer) and/or ticketing systems.

• Security+ or similar entry-level security certification.

Tools & environment

• RegScale (linking evidence, updating workflows, POA&M maintenance)

• Microsoft Word/Excel (FedRAMP templates and attachments)

• Teams/SharePoint and customer-approved artifact repositories

Engagement details

• 1099 independent contractor (initial engagement); project-based with potential extension.

• Remote-first; minimal travel expected.

• No clearance required; must be able to pass a standard background check and sign NDA/SOW.

• Hours vary by customer phase; consistent availability during business hours is important.

Practical AI Application

  • Applies AI tools to streamline workflows, enhance decision-making, and improve outcomes
  • Understands the strengths and limitations of AI systems and exercises sound judgment in their use
  • Continuously explores new AI capabilities and integrates them into day-to-day work where appropriate
  • Uses AI in alignment with company and customer-specific policies, data privacy standards, and ethical guidelines
  • Exercises discretion when using AI with sensitive or proprietary information
  • Demonstrates awareness of bias, accuracy, and risk considerations when leveraging AI tools

EEO Statement

We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen. 

Practical AI Application

  • Applies AI tools to streamline workflows, enhance decision-making, and improve outcomes
  • Understands the strengths and limitations of AI systems and exercises sound judgment in their use
  • Continuously explores new AI capabilities and integrates them into day-to-day work where appropriate
  • Uses AI in alignment with company and customer-specific policies, data privacy standards, and ethical guidelines
  • Exercises discretion when using AI with sensitive or proprietary information
  • Demonstrates awareness of bias, accuracy, and risk considerations when leveraging AI tools




About the Company

C

C2 Labs, Inc.