Sword is seeking a GRC Analyst to join their team, responsible for security compliance across all products and services, with primary ownership of federal programs. The role involves defining and maintaining the CMMC assessment boundary, translating identified gaps into prioritized remediation tasks, and building and maintaining the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and all artifacts required for assessment.
Requirements
- 5+ years of hands-on experience in GRC, compliance, or security, with at least 3 of those years focused on federal compliance frameworks such as CMMC or FedRAMP;
- Demonstrated experience owning deliverables and driving remediation through a CMMC, FedRAMP, or equivalent federal compliance effort;
- Strong working knowledge of CMMC Level 2 practices, scoping methodology, and CUI handling requirements;
- Ability to produce compliance documentation — SSPs, POA&Ms, gap analyses, control narratives — without heavy supervision;
- Proven ability to communicate technical compliance requirements to non-technical stakeholders across engineering, operations, and business teams;
- Experience engaging directly with external auditors and assessors, including evidence packaging and real-time response during assessments;
- US citizenship required;
- Ability to obtain a federal Public Trust designation if required by a sponsoring agency.
Benefits
- Comprehensive health, dental and vision insurance
- Life and AD&D Insurance
- Financial advisory services
- Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)
- Health Savings Account
- Equity shares
- Discretionary PTO plan
- Parental leave
- 401(k)
- Flexible working hours
- Remote-first company
- Paid company holidays
- Free digital therapist for you and your family
