Product GRC SME

at Vanta
🇺🇸 United States - Remote
🚀 Product🔵 Mid-level

Job description

At Vanta, our mission is to secure the internet and protect consumer data. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it.

As Vanta rapidly grows and moves upmarket, we’re working with increasingly sophisticated customers who have complex security and compliance needs, especially within the federal government sector. The GRC Subject Matter Experts play a critical role in delivering high-quality, scalable content to help these companies effectively manage their GRC programs.

As Vanta’s newest GRC Subject Matter Expert, you’ll be responsible for developing GRC solutions that support our growing list of global federal and public sector customers, with a critical focus on FedRAMP authorization and continuous monitoring. Acting as a bridge between Product Management, customers, and compliance stakeholders, you’ll ensure that our solutions align with key federal security and privacy frameworks. You’ll play a pivotal role in designing, maintaining, and improving compliance-related content while providing strategic input to shape Vanta’s overall GRC product roadmap, with a particular emphasis on our Vanta for Government (V4G) offering.

You’ll join Vanta’s Security organization, which provides essential security operational services, is directly involved in the software development process, sets policies and standards regarding enterprise-wide security requirements, and offers advisory services to enable our business to thrive while effectively managing risk. If you’re someone who has high initiative and enjoys problem solving while having impact at a high-growth company, we would love to hear from you!

You’ll be part of Vanta’s Security organization that directly influences product development, facilitates the creation of automated GRC solutions for customers, and provides expert advisory services to Vantans at large. If you love solving complex problems, thrive in a fast-paced environment, and want to make a real impact at a high-growth company, we’d love to hear from you!

What you’ll do as a GRC SME at Vanta

  • Develop New Federal Compliance Frameworks, with a FedRAMP Focus – Lead building new security, privacy, and risk management frameworks for end-users, , with a strong focus on FedRAMP (all baselines - Low, Moderate, High), CMMC, and NIST 800-53. This includes developing content to support the creation and maintenance of FedRAMP Authorization Packages (e.g., System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms), Security Assessment Reports (SARs)).

  • Optimize GRC Content for V4G – Map evidence requirements, improve control descriptions, write policies, risk scenarios, implementation guidance to enhance clarity and usability for federal compliance, with a particular emphasis on streamlining processes for FedRAMP authorization and continuous monitoring within the V4G platform. Help to develop AI features to support these efforts.

  • Analyze Feedback – Identify and resolve issues with control mappings, evidence requirements, and framework content based on input from federal agencies, authorized third-party assessment organizations (3PAOs), and government auditors. Act as a subject matter expert during engagements related to FedRAMP assessments and audits.

  • Collaborate Across Teams for Federal Solutions – Work with software engineers, product designers, and customer-facing teams to ensure that GRC content is appropriately integrated into Vanta’s platform and meets end-user needs and V4G requirements, especially those pertaining to FedRAMP.

  • Partner with Product for Federal Innovation – Work closely with our Product team to advise on the development of new GRC features in the platform, driving innovation for Vanta for Government (V4G) and enhancing our capabilities for FedRAMP readiness and ongoing compliance.

How to be successful in this role:

  • 5-7+ years of experience in GRC and/or Information Security with significant direct experience focusing on federal government compliance programs, particularly FedRAMP authorization processes and continuous monitoring. Experience working for or with a Cloud Service Provider (CSP) pursuing FedRAMP, a 3PAO, or a federal agency is a strong plus.

  • Strong comprehension, communication, and collaboration skills – Ability to grasp core GRC concepts, apply them effectively across tasks, and clearly communicate findings to GRC Content Engineers, Product Managers, and non-technical stakeholders within the federal ecosystem, including government officials and 3PAOs.

  • Deep technical understanding of federal security and compliance, especially FedRAMP – Familiarity with industry frameworks such asFedRAMP (all baselines), CMMC (all levels), NIST 800-53, FIPS, and DFARS. Expert-level knowledge of FedRAMP requirements, documentation standards, and the JAB/Agency authorization process is highly desirable. Having a technical background (e.g., Federal Security Engineer, ISSO, Auditor, ATO specialist, or FedRAMP Assessor) is a plus, but not required.

  • Attention to detail and analytical mindset – Comfortable working with federal cybersecurity frameworks, detailed control mappings, and specific evidence requirements with precision and consistency, particularly within the rigorous context of FedRAMP.

  • Proficiency in MS Excel/Google Sheets – Ability to organize large data-sets, use lookup functions, and create pivot tables.

  • Self-motivated and independent – Able to work autonomously while contributing to team success.

  • Helpful and resourceful – Willing & excited to support cross-functional teams and improve compliance content.

  • Adaptable in a fast-paced environment – Skilled at managing change, solving problems proactively, and taking initiative.

  • Security certifications or formal education preferred – Certifications like CAP, CISA, CISSP-ISSEP, Certified CMMC Professional (CCP), or FedRAMP Provisional Assessor are a plus but not required.

What you can expect as a Vantan:

  • Industry-competitive compensation

  • 100% covered medical, dental, and vision benefits with dependents coverage

  • 16 weeks fully-paid parental Leave for all new parents

  • Health & wellness and remote workplace stipends

  • Family planning benefits through Carrot Fertility

  • 401(k) matching

  • Flexible work hours and location

  • Open PTO policy

  • 11 paid holidays in the US

  • Offices in SF, NYC, London, Dublin, and Sydney

To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.

#LI-remote

At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.

About Vanta

We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security.From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world’s leading Trust Management Platform, our vision remains unchanged.

Now more than ever, making security continuous—not just a point-in-time check— is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust— all in a way that’s real-time and transparent.

Share this job:
Please let Vanta know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply