GRC Officer

Pen Link is a technology company bringing clarity to complex data for people who need it now. We partner with law enforcement agencies across the United States, offering a software solution to manage data and aid investigators solving crimes. It sounds like a lot of data and analytics, but really, it’s about improving the world and keeping safe the places we call home.

• Supporting the FedRAMP program from readiness through Agency ATO, including documentation, coordination, and audit preparation
• Developing and maintaining key compliance documentation including SSPs, POA&M, policies, and security artifacts
• Coordinating with internal teams, external auditors, consultants, and 3
  
  PAO assessors during compliance assessments
• Supporting implementation and validation of NIST 800-53 security controls across cloud, engineering, and infrastructure environments
• Tracking remediation efforts, control gaps, and ongoing compliance activities
• Conducting internal compliance reviews, risk assessments, and gap analyses
• Supporting additional compliance initiatives including SOC 2, ISO 27001, TX-RAMP, CMMC, and CJIS requirements
• Assisting with vendor risk reviews, access reviews, policy governance, and continuous monitoring activities
• Supporting external audits, certification programs, and regulatory assessments
• Assisting with customer security questionnaires, RFPs/RFIs, and compliance-related inquiries
• Partnering cross-functionally with Security, Engineering, Product, and Infrastructure teams to improve security and compliance processes

• 3+ years of experience in GRC, cybersecurity compliance, or regulatory compliance within SaaS, cloud, or regulated environments
• Strong understanding of FedRAMP requirements and NIST 800-53 security controls
• Hands‑on experience supporting or managing FedRAMP authorizations, SSP development, POA&M management, and audit preparation
• Experience supporting compliance frameworks such as SOC 2, ISO 27001, TX-RAMP, CMMC, or CJIS
• Strong project management and organizational skills with the ability to manage multiple initiatives simultaneously
• Experience coordinating with external auditors, assessors, consultants, or compliance partners
• Strong written communication, documentation, and cross‑functional collaboration skills
• Ability to communicate effectively with both technical and non‑technical stakeholders
• Familiarity with AWS or Azure cloud environments preferred
• Experience with GRC tools, compliance automation platforms, or continuous monitoring programs preferred
• Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP, CCSK, or PMP are a plus
• U.S. Citizenship required