GRC Compliance Analyst / Assessor / Onsite in Annapolis

  • Annapolis, Maryland
  • Full Time
This organization is a growing cybersecurity consulting firm founded in 2006, with a strong track record supporting organizations navigating complex compliance and regulatory environments. This onsite role in Annapolis, MD is ideal for a Senior Compliance Analyst/Assessor experienced in SOC 1/SOC 2 examinations, FedRAMP assessments, and broader frameworks such as PCI DSS, HITRUST, HIPAA, and ISO 27001.

This opportunity is well-suited for professionals looking to deepen their expertise across high-demand compliance frameworks while working closely with cloud providers, fintech, and healthcare clients. The organization has experienced steady growth over the past 18 months and offers exposure to both advisory and accredited audit engagements, allowing you to expand your technical compliance skillset while making a tangible impact on client security postures.

Required Skills & Experience
  • 4+ years of experience in cybersecurity compliance, risk assessment, or IT audit
  • Strong hands-on experience with SOC 1 and/or SOC 2 examinations
  • Knowledge of FedRAMP, GovRAMP, or similar government security frameworks
  • Experience with PCI DSS, HIPAA, HITRUST, or ISO 27001 compliance programs
  • Understanding of cloud security principles (AWS, Azure, or GCP environments)
  • Experience conducting security assessments, audits, or readiness engagements
  • Strong documentation, reporting, and client-facing communication skills
  • Ability to work onsite in Annapolis, MD
Desired Skills & Experience
  • Experience working within a 3PAO or accredited assessment organization
  • Certifications such as CISSP, CISA, CISM, CPA, or HITRUST CCSFP
  • Background in penetration testing or vulnerability assessments
  • Familiarity with GRC tools and compliance management platforms
  • Experience supporting startups, SaaS platforms, or regulated industries
  • Ability to manage multiple client engagements simultaneously
What You Will Be Doing
Tech Breakdown
  • 40% Compliance Assessments (SOC, FedRAMP, PCI, HITRUST)
  • 30% Client Advisory & Readiness Consulting
  • 20% Documentation & Reporting
  • 10% Internal Collaboration & Knowledge Sharing
Daily Responsibilities
  • 50% Conduct and lead compliance assessments and audits
  • 25% Advise clients on remediation strategies and regulatory alignment
  • 15% Prepare audit reports, documentation, and evidence reviews
  • 10% Collaborate with internal teams and contribute to best practices
The Offer
  • Comprehensive medical, dental, and vision insurance
  • Paid time off and company holidays
  • Retirement savings plan (e.g., 401(k))
  • Professional development and certification support
  • Opportunity to work with a growing and well-established cybersecurity consulting team
Job ID: 523205011
Originally Posted on: 6/1/2026
