About the position
C2 Labs is hiring a Senior FedRAMP Consultant (GRC Analyst III equivalent) to act as a lead technical writer for FedRAMP authorization packages and ongoing ConMon operations. If you can translate real-world cloud security implementations into crisp FedRAMP documentation—and you care about making ConMon sustainable—this is a strong fit.
Responsibilities
• Lead drafting of FedRAMP artifacts (20X KSI summaries and/or legacy SSP/policies/plans) and drive iterations to completion.
• Maintain control/KSI-to-evidence traceability in RegScale and keep the evidence library audit-ready.
• Partner with cloud architecture/security engineering resources to ensure technical accuracy.
• Support assessor/sponsor readiness: walkthroughs, responses, and updates.
Requirements
• 5+ years experience in GRC/compliance, security documentation, or audit support roles.
• Security certification (CISSP, CISM, CCSP)
• Demonstrated technical writing capability: can produce clear, consistent narratives for complex systems and controls.
• Working knowledge of NIST 800-53 controls and evidence expectations; familiarity with FedRAMP package structure and templates.
• Comfort collaborating with engineers and architects to accurately describe technical implementations.
• Strong attention to detail (templates, cross-references, tables, and evidence mapping).
Nice-to-haves
• Bachelors degree in IT, Cybersecurity, or related field
• Prior experience drafting FedRAMP SSPs and/or supporting artifacts (Low/Moderate/High).
• Experience with FedRAMP 20X concepts (KSIs, validation cycles, automation-first evidence).
• Experience working in RegScale or similar GRC tools.
• Audit-related experience.