United States onlyThe FedRAMP Analyst is responsible for day-to-day execution of Clearview AI’s FedRAMP Continuous Monitoring (CONMON) program for Clearview’s federal-authorized platforms, including FedRAMP High. This role owns monthly CONMON deliverables (vulnerability tracking, POA&M updates, inventory reporting, and monthly executive reporting inputs), supports annual 3PAO assessment preparation, and maintains audit-ready evidence repositories aligned to the approved ATO package (SSP and appendices).
The FedRAMP Analyst partners closely with Engineering, Security & IT, Legal, People Operations, and external compliance partners to ensure authorized systems remain compliant, secure, and ready to support active U.S. Government customer usage. This role is scoped exclusively to FedRAMP; any future DoD IL program will be staffed as a separate position and is out of scope for this role.
The FedRAMP Analyst partners closely with Engineering, Security & IT, Legal, People Operations, and external compliance partners to ensure authorized systems remain compliant, secure, and ready to support active U.S. Government customer usage. This role is scoped exclusively to FedRAMP; any future DoD IL program will be staffed as a separate position and is out of scope for this role.
Key Responsibilities
- Execute the monthly FedRAMP CONMON calendar and ensure timely completion of all required artifacts and submissions.
- Own monthly vulnerability remediation tracking: intake scan outputs, open/track remediation tickets, validate closure evidence, and ensure SLA adherence (e.g., 30/90/180-day timelines).
- Maintain and update the Plan of Action and Milestones (POA&M): create/update POA&M items, document milestones, track due dates, coordinate risk statements with Legal, and route for approvals.
- Generate and maintain monthly inventory and configuration evidence (e.g., Integrated Inventory Workbook/IIW updates, authorized software evidence, baseline/config drift support).
- Prepare monthly CONMON reporting packages, including Monthly Security Status Reports, CONMON Executive Summary inputs, deviation requests, and other stakeholder reports required by the Sponsoring Agency, FedRAMP PMO, or Authorizing Official.
- Prepare deviation and exception requests: gather technical justification, compensating control documentation, scope/impact statements, and route through required approvals.
- Support continuous monitoring governance activities: access review evidence, log/monitoring review evidence, and coordination of corrective actions with Engineering and Security & IT.
- Maintain the CONMON and ATO artifact repository in Google Drive (or designated system): version control, naming conventions, evidence indexing, and audit-ready structure.
- Support annual security testing activities (e.g., penetration tests, red-team exercises if applicable, IR/ISCP tabletop exercises) by tracking schedules, collecting artifacts, and documenting remediation status.
- Support annual 3PAO assessment coordination: evidence collection, interview scheduling, assessor Q&A tracking, and findings remediation tracking in partnership with the VP, Federal Operations.
- Support significant change workflows: help determine compliance impact, document change narratives, update SSP appendices as required, and maintain change evidence for CONMON.
- Track training compliance for federal systems (Rules of Behavior acknowledgements, required awareness training completion) in coordination with People Ops and Security & IT.
- Serve as a primary day-to-day point of contact for internal stakeholders for FedRAMP evidence requests and compliance status updates; escalate risks and blockers to the VP, Federal Operations.
Skills, Knowledge and Expertise
- 3+ years of experience in cybersecurity compliance, GRC, or operating regulated cloud environments (FedRAMP, DoD IL, CJIS, HIPAA, PCI, ISO 27001/42001, or similar).
- Demonstrated experience executing continuous monitoring or recurring compliance reporting programs (monthly cadence preferred).
- Working knowledge of NIST 800-53 and FedRAMP concepts (POA&M management, SSP/ATO artifact structure, assessment evidence expectations).
- Experience coordinating vulnerability remediation tracking and translating technical findings into compliance artifacts (tickets, evidence, milestones, risk language).
- Strong project management and organizational skills; ability to manage multiple deadlines and stakeholder inputs.
- Excellent communication skills for producing audit-ready narratives, status reports, and executive summaries.
- Comfort working with technical teams (Engineering, Security) to obtain evidence and validate remediation outcomes.
- Experience using common tooling for evidence and workflow tracking (Google Drive, Jira/Linear, spreadsheets, ticketing systems).
- Ability to manage confidential and sensitive cybersecurity information.
- Candidates must be able to meet government security clearance requirements as required for this role.
Preferred Qualifications:
- Direct experience supporting a FedRAMP Moderate/High authorization, annual 3PAO assessment, or agency ATO process.
- Experience with SecondFront/Game Warden or other FedRAMP-adjacent platforms and inherited-control models.
- Familiarity with vulnerability scanning, SIEM/log review concepts, and secure SDLC evidence (SAST/DAST, threat modeling).
- Experience with evidence automation or compliance engineering approaches (repeatable evidence packets, templates, control mapping).
- Relevant certifications (e.g., Security+, SSCP, CISSP Associate, CAP, CISA, PMP).
Benefits
- Medical, Dental, Vision, STD and LTD Plans
- FSA - Medical and Dependent Care
- EAP and wellness programs
- 13 Paid Holidays
- Unlimited PTO
- Flexible work environment - 100% remote
- 401(k) plan
Georgia only