Corporate Governance, Risk, and Compliance Analyst
Own and maintain RMF, FedRAMP High, CMMC 2.0, and SOC 2 compliance programs at Onebrief. Build and automate evidence (SSPs, SARs, POA&Ms), embed controls into engineering workflows, run risk assessments, and coordinate audits with federal agencies and internal teams. Requires 8+ years cybersecurity compliance experience and relevant certifications.
160k – 200k
Remote8+ YOEOther
About the role
What You'll Do
Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems.
Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings.
Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows.
Coordinate internal assessments and external audit readiness across all applicable frameworks.
Track regulatory and contractual changes and advise leadership on what they mean for Onebrief.
Run risk assessments and vendor/supply chain risk reviews across both federal and corporate environments.
Minimum Qualifications
U.S. Citizen.
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field.
8+ years in cybersecurity compliance.
Hands-on expertise with RMF and at least one of CMMC 2.0 or SOC 2.
One or more of the following certifications: CISSP, CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA, CISA, ISSEP, GSLC, or GSNA.
Experience with GRC platforms, including automated evidence collection and testing (eMASS experience a plus).
Preferred Qualifications
Experience in DoD environments and compliance frameworks (RMF, ICD 503).
Familiarity with agency-specific overlays (DoD, DHS, or civilian agencies).
Experience working with 3PAOs, Security Control Assessors, federal customers, or SOC 2 auditors.
Familiarity with cloud security standards (FedRAMP, ISO 27001, NIST 800-171, DoD Cloud Computing SRG).
Indicators of Success
Keep authorization packages current across every framework instead of reconstructing them under deadline pressure.
Reduce manual audit prep by automating control testing and evidence collection.
Close open POA&M and corrective action items on a predictable cadence.
Become the go-to person engineers check with before shipping changes that touch compliance boundaries, federal or corporate.
Own Mercor's events end-to-end: set strategy for GTM, recruiting, and internal events; plan and execute high-signal conferences, dinners, and programs; drive measurable outcomes in relationships, pipeline, and talent. Requires 6-8 years events experience with strong execution, stakeholder management, and polished presence for executive/AI audiences.
160k – 200k
On-site6+ YOEOther
Solar Project Manager
FluidstackAustin, TX
Drive end-to-end delivery of utility-scale solar and BESS projects from NTP to COD. Own budgets, integrated schedules (P6), risks, contracts, and multi-site construction teams while managing critical interconnection and long-lead equipment milestones.
160k – 250k
On-site7+ YOEOther
Senior Manager, Commissioning
CrusoeDenver, CO +1
Lead commissioning execution and team management for data center projects. Oversee MEP/BMS/EPMS testing, documentation, and turnover while managing Commissioning Managers and Engineers across multiple builds.
160k – 195k
On-site10+ YOEOther
Senior Consumer Insights Research Manager
ReplitFoster City, CA
Lead consumer insights and research for Consumer and Brand Marketing. Design and execute qualitative and quantitative studies, build brand tracking programs, and deliver actionable insights that drive product, campaign, and brand decisions.
160k – 220k
Hybrid8+ YOEOther
Customer Researcher
OnePayUnited States
Lead and scale consumer insights function, conducting advanced quantitative and qualitative research to inform brand, product, and business strategy across the organization.