This is a U.S. based position. All of the programs we support require U.S. citizenship to be eligible for employment. All work must be conducted within the continental U.S.
Who we are:
Raft (https://TeamRaft.com) is a customer-obsessed non-traditional small business with a purposeful focus on Distributed Data Systems, Platforms at Scale, and Complex Application Development, with headquarters in Reston, VA. Our range of clients includes innovative federal and public agencies leveraging design thinking, cutting-edge tech stack, and cloud-native ecosystem. We build digital solutions that impact the lives of millions of Americans.
We’re looking for an experienced Governance, Risk, and Compliance (GRC) Analyst, to support our customers and join our passionate team of high-impact problem solvers.
About the role:
At Raft, we are dedicated to ensuring the cyber security and resilience of our federal government partners. As a GRC Analyst, you will play a pivotal role in shaping and enforcing our cybersecurity frameworks in alignment with federal policies and mandates.
Your day to day will include collaboration with internal and external stakeholders to promote cybersecurity awareness, education, training, communication, alignment, collaboration, and cooperation. Your expertise will drive the identification, assessment, and mitigation of cyber risks, ensuring a robust compliance posture that fosters trust and confidence among our government stakeholders. You will also design, implement, and maintain the GRC platforms & tooling across Raft for both our corporate environment and those supporting classified programs. This role requires a deep understanding of cybersecurity principles, federal compliance requirements, and a passion for safeguarding national digital infrastructure.
What we are looking for:
-
Minimum of 2 years' experience in an ISSO or other GRC-related role supporting DoD programs at various classification levels
-
Experience with NIST Special Publications such as NIST SP 800-53 & 800-171, FedRAMP, and/or CMMC.
-
Understanding of the various DoD impact levels & related compliance requirements for each level
-
Experience with GRC tools such as ServiceNow, XACTA, eMASS, Archer, or SAP
-
Proficient in conducting risk assessments, audits, and compliance monitoring within federal government environments.
-
Understanding of and experience with SIEM tools such as Splunk, Grafana, or ELK.
-
Experience managing GRC work for both on-prem & cloud-based systems & networks.
-
Experience conducting internal self-assessments and audits with external assessors.
-
Understanding of common cybersecurity tools and technologies such as vulnerability & compliance scanners, static & dynamic code analyzers, DLP, IDS, etc.
-
Excellent communication skills with the ability to convey complex cybersecurity and compliance concepts, controls, & risk scenarios to technical and non-technical stakeholders.
-
Ability to translate GRC requirements into business risks and present to technical & non-technical Senior Leadership.
-
Ability to collaborate with and advise business units on governance structures and operational adjustments needed to align with governance frameworks.
-
Ability to identify gaps or conflicts in current policies and processes and work to develop solutions with internal business units.
-
Have or can obtain CompTIA Security+ or other DoD 8570 IAM Level I or higher certification within the first 90 days of employment with Raft.
Highly preferred:
- Bachelor’s degree in Cybersecurity, Information Assurance, Information Technology, or a related field.
- Industry certifications such as:
-CISSP
-CISA
-CISM
-CGRC
-PMI-RMP - Ability to manage cross-functional teams and drive deliverables to completion.
- Experience in developing and delivering cybersecurity training and awareness programs.
Clearance Requirements:
- Able to maintain a Top Secret/SCI Security clearance
Work Type:
- Remote
- May require up to 10% travel
What we will offer you:
- Highly competitive salary
- Fully covered healthcare, dental, and vision coverage
- 401(k) and company match
- Unlimited PTO + 11 paid holidays
- Education & training benefits
- Annual budget for your tech/gadgets needs
- Monthly box of yummy snacks to eat while doing meaningful work
- Remote, hybrid, and flexible work options
- Team off-site in fun places!
- Generous Referral Bonuses
- And More!
Our Vision Statement:
We bridge the gap between humans and data through radical transparency and our obsession with the mission.
Our Customer Obsession:
We will approach every deliverable like it's a product. We will adopt a customer-obsessed mentality. As we grow, and our footprint becomes larger, teams and employees will treat each other not only as teammates but customers. We must live the customer-obsessed mindset, always. This will help us scale and it will translate to the interactions that our Rafters have with their clients and other product teams that they integrate with. Our culture will enable our success and set us apart from other companies.
How do we get there?
Public-sector modernization is critical for us to live in a better world. We, at Raft, want to innovate and solve complex problems. And, if we are successful, our generation and the ones that follow us will live in a delightful, efficient, and accessible world where out-of-box thinking, and collaboration is a norm.
Raft’s core philosophy is Ubuntu: I Am, Because We are. We support our “nadi” by elevating the other Rafters. We work as a hyper collaborative team where each team member brings a unique perspective, adding value that did not exist before. People make Raft special. We celebrate each other and our cognitive and cultural diversity. We are devoted to our practice of innovation and collaboration.
We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Top Skills
What We Do
Raft is a digital consulting firm with niche expertise in the rapid delivery of modern, user-first, scalable, and data-intensive digital solutions. We accelerate the missions of our federal partners through human-centered design (HCD) and agile development practices, bringing deep technical expertise in DevSecOps, Kubernetes management, cloud-native microservice architectures, and secure, open source delivery.
We put our people and our culture first. We work with some of the smartest, hardest working experts in their field. We owe it to them to make sure our team is free of meaningless restrictions and internal politics so they can focus on what they love, finding innovative solutions.
We build off the Open-Source and resist vendor lock in. That way you’re not paying us to reinvent the wheel, our solutions play nice with others and are always adaptable.
We know digital innovation doesn’t always operate during bank hours, so neither do we. (It's also why we don’t dress like bankers.) We aren’t afraid to go the extra mile or put in the extra time to find a solution. We get it right the first time; we won’t waste our time (and your money) trying to fix something that’s fundamentally broken. It’s kind of like making an exceptional cup of coffee, if the beans are roasted wrong, it doesn’t matter how much pumpkin spice you dump in your cup, it’s still not going to taste great.
And above all else we’re up for a challenge; it’s in our DNA. Ask us about something that’s never been done, or better yet something that can’t be done, and we’ll find a way to do it. It’s just who we are.
If you need a partner that’s looking toward the future and not the past, don’t go traditional, go Raft.
Why Work With Us
Raft partners with public agencies to solve hard complex problems that impact the lives of millions of Americans. We work hard to make it easy for humans to connect with data.
Gallery
