GRC Officer

PenLink is a technology company bringing clarity to complex data for people who need it now. We partner with law enforcement agencies across the United States, offering a software solution to manage data and aid investigators solving crimes. It sounds like a lot of data and analytics, but really, it’s about improving the world and keeping safe the places we call home. 

We focus on creating products that positively impact our communities and being "in the mission" and less about the laidback culture and amazing benefits – even though we offer those too. With our get it done attitude and focused mission we are growing at an unprecedented rate and are therefore seeking a GRC Officer – Federal Compliance to support and expand our federal security compliance program. This role will help lead FedRAMP readiness and authorization efforts while partnering closely with Security, Engineering, Infrastructure, and Product teams to ensure compliance with government cybersecurity standards and regulatory frameworks. 

YOUR RESPONSIBILITIES 

• Supporting the FedRAMP program from readiness through Agency ATO, including documentation, coordination, and audit preparation  
• Developing and maintaining key compliance documentation including SSPs, POA&Ms, policies, and security artifacts  
• Coordinating with internal teams, external auditors, consultants, and 3PAO assessors during compliance assessments  
• Supporting implementation and validation of NIST 800-53 security controls across cloud, engineering, and infrastructure environments  
• Tracking remediation efforts, control gaps, and ongoing compliance activities  
• Conducting internal compliance reviews, risk assessments, and gap analyses  
• Supporting additional compliance initiatives including SOC 2, ISO 27001, TX-RAMP, CMMC, and CJIS requirements  
• Assisting with vendor risk reviews, access reviews, policy governance, and continuous monitoring activities  
• Supporting external audits, certification programs, and regulatory assessments  
• Assisting with customer security questionnaires, RFPs/RFIs, and compliance-related inquiries  
• Partnering cross-functionally with Security, Engineering, Product, and Infrastructure teams to improve security and compliance processes 

YOUR COMPETENCIES & EXPERIENCE 

• 3+ years of experience in GRC, cybersecurity compliance, or regulatory compliance within SaaS, cloud, or regulated environments  
• Strong understanding of FedRAMP requirements and NIST 800-53 security controls  
• Hands-on experience supporting or managing FedRAMP authorizations, SSP development, POA&M management, and audit preparation  
• Experience supporting compliance frameworks such as SOC 2, ISO 27001, TX-RAMP, CMMC, or CJIS  
• Strong project management and organizational skills with the ability to manage multiple initiatives simultaneously  
• Experience coordinating with external auditors, assessors, consultants, or compliance partners  
• Strong written communication, documentation, and cross-functional collaboration skills  
• Ability to communicate effectively with both technical and non-technical stakeholders  
• Familiarity with AWS or Azure cloud environments preferred  
• Experience with GRC tools, compliance automation platforms, or continuous monitoring programs preferred  
• Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP, CCSK, or PMP are a plus  
• U.S. Citizenship required