At Socure, we’re on a mission—to verify 100% of good identities in real time and eliminate identity fraud from the internet.
Using predictive analytics and advanced machine learning trained on billions of signals to power RiskOS™, Socure has created the most accurate identity verification and fraud prevention platform in the world. Trusted by thousands of leading organizations—from top banks and fintechs to government agencies—we solve real, high-impact problems at scale. Come join us!
Socure is seeking an Analyst, GRC – Public Sector to execute and enhance the company’s governance, risk, and compliance operations for its public sector business. Reporting to the Director of GRC – Public Sector, this role drives measurable improvements in compliance efficiency and audit readiness by managing vulnerability remediation, continuous monitoring, access oversight, and evidence preparation that allow Socure to meet the rigorous standards of FedRAMP, GovRAMP, and related frameworks. The Analyst collaborates across Security, Engineering, IT, DevOps, Product, Legal, and other teams to operationalize regulatory requirements, automate workflows, and offers the opportunity to shape the GRC strategy for Socure’s fast-growing public sector business.
What you'll doCompliance & Certification ManagementDay-to-day coordination and execution of external Third Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation.
Maintain and update FedRAMP and GovRAMP controls and documentation in alignment with organizational and regulatory requirements, including controls aligned with NIST SP 800-53 rev 5 and other related frameworks.
Prepare certification and authorization packages and maintain related documentation such as the System Security Plan (SSP) and associated appendices.
Lead the day-to-day FedRAMP continuous monitoring process including vulnerability management lifecycle, from identification through remediation and verification, coordinating with Security, Engineering, and DevOps teams to address issues identified with tools such as Wiz, Burp Suite, AWS native services, and other platforms and resolve issues within FedRAMP and GovRAMP timelines.
Coordinate recurring continuous monitoring compliance activities such as access reviews, incident response exercises, and contingency plan testing.
Oversee access controls for FedRAMP environments, including access requests, least privilege reviews and role-based access control validation and quarterly access certifications.
Design, implement and deliver FedRAMP training programs to promote compliance awareness
Create and manage automated workflows to improve efficiency.
Maintain compliance evidence repositories. audit preparation materials, and reporting artifacts.
Conduct internal reviews of logged events and control activities, escalating issues or gaps to the Director of GRC and provide status updates and reports highlighting trends, risks, and remediation progress.
Collaborate with the Director of GRC to design and implement AI-enabled compliance workflows, leveraging automation tools to streamline evidence generation, reporting, and audit readiness
Support the development, rollout, and maintenance of machine-readable compliance documentation (e.g., OSCAL or comparable structured formats) to facilitate interoperability
Partner with automation and engineering teams to integrate structured compliance data into Socure’s broader risk management and monitoring ecosystem including vulnerability remediation, access requests, and compliance reporting.
Monitor regulatory and industry trends for potential impacts to compliance strategy.
Serve as a security subject matter expert for public sector sales activities, including prospect briefings, RFP/RFQ responses, contract negotiations, and integration discussions.
Support development of external communications such as press releases and customer-facing materials related to security certifications and authorizations.
Monitor new and evolving requirements and perform gap analyses including
Updates to applicable NIST Special Publications and other government standards
Contract security requirements from new customers
Updates to the FedRAMP Program requirements and processes as the program evolves
Provide input to standards bodies on evolving standards when applicable
5+ years of cybersecurity or identity management experience, including 1+ year in the public sector.
Direct experience with FedRAMP, GovRAMP, and NIST frameworks (800-53, 800-63, 800-171).
Proven ability to manage continuous monitoring, vulnerability remediation, and compliance reporting.
Experience using AI tools (e.g., ChatGPT, Glean, Gemini) and machine-readable formats (e.g., OSCAL) to automate and streamline compliance processes.
Strong communication, organization, and collaboration skills with the ability to manage multiple priorities.
Ability to adapt to changing requirements
Must be a U.S. Person (U.S. Citizens or U.S. Permanent Residents) residing in the United States and be able to obtain a U.S. OPM NACI clearance.
Experience in regulated industries (e.g., financial services, healthcare) and knowledge of privacy and compliance frameworks such as GDPR, CCPA, and key NIST standards.
Professional certifications preferred (CISSP, CISM, CISA, IAPP).
Proven success leading certification and compliance initiatives (FedRAMP, GovRAMP, NIST 800-63/171)
Skilled in continuous monitoring, vulnerability management, policy updates, and audit coordination across cross-functional teams.
Strong understanding of evolving cybersecurity standards and digital identity regulations, with the ability to translate them into practical risk and compliance improvements.
Socure is an equal opportunity employer that values diversity in all its forms within our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
If you need an accommodation during any stage of the application or hiring process—including interview or onboarding support—please reach out to your Socure recruiting partner directly.
Follow Us!
YouTube | LinkedIn | X (Twitter) | Facebook
Top Skills
What We Do
Socure is the leading platform for digital identity trust. Its predictive analytics platform applies artificial intelligence and machine learning techniques with trusted online/offline data intelligence from email, phone, address, IP, device, velocity, and the broader internet to verify identities in real time. The company has more than 750 customers across the financial services, gaming, telecom, and e-commerce industries, including three of the top five banks, seven of the top 10 card issuers, three of the top MSBs, the top payroll provider, the top credit bureau, and over 100 of the largest and most successful FinTechs. Marquee customers include Chime, Varo Money, Public, Stash, and DraftKings.
Socure has received numerous industry awards and accolades, including being named to Forbes America’s Best Startup Employers 2021, being awarded Best New Technology Introduced over the Last 12 Months – Data and Data Services at the 2020 American Financial Technology Awards (AFTAs), being ranked number 70 in Deloitte’s Technology Fast 500™, being listed as a Gartner Cool Vendor, being recognized by Forbes as one of the Top 25 Machine Learning Startups to Watch, being named to CB Insights: The FinTech 250, and being awarded Finovate’s Award for Best Use of AI/ML, to name a few.
Why Work With Us
Socure is a critical part of the infrastructure of the digital economy and what we do is critical to ensure the safety of anyone doing any sort of business on the internet. Because of our technology digital identity theft will be eradicated and more people will be included in the digital economy than ever before.
Gallery
.jpg)
.png)
