Vanta is hiring a Product GRC SME, Vanta for Government

Vanta is looking for a Product GRC Subject Matter Expert (SME), Vanta for Government to develop governance, risk, and compliance solutions centered on federal and public sector customers. You will play a critical role advancing FedRAMP authorization and continuous monitoring capabilities, acting as a bridge between Product Management, customers, and compliance stakeholders to shape the GRC product roadmap for Vanta for Government (V4G).

What You'll Do

• Develop new federal compliance frameworks with a FedRAMP focus, including content for FedRAMP Authorization Packages.
• Optimize GRC content for V4G by mapping evidence requirements, improving control descriptions, writing policies, and developing AI features.
• Analyze feedback from federal agencies, 3PAOs, and auditors to resolve issues with control mappings and framework content.
• Collaborate across software engineering, product design, and customer-facing teams to integrate GRC content into Vanta's platform.
• Partner with the Product team to advise on new GRC features, driving innovation for Vanta for Government and FedRAMP compliance.

What We're Looking For

• 5-7+ years of experience in GRC and/or Information Security with significant direct experience in federal government compliance programs, particularly FedRAMP authorization and continuous monitoring.
• Strong comprehension, communication, and collaboration skills to communicate findings to technical and non-technical stakeholders.
• Deep technical understanding of federal security and compliance frameworks, especially FedRAMP (all baselines), CMMC, NIST 800-53, FIPS, and DFARS.
• Attention to detail and analytical mindset for working with federal cybersecurity frameworks and detailed control mappings.
• Proficiency in MS Excel/Google Sheets for organizing large datasets, using lookup functions, and creating pivot tables.
• Self-motivated, independent, helpful, resourceful, and adaptable in a fast-paced environment.

Nice to Have

• Experience working for or with a Cloud Service Provider (CSP) pursuing FedRAMP, a 3PAO, or a federal agency.
• Expert-level knowledge of FedRAMP requirements, documentation standards, and the JAB/Agency authorization process.
• Technical background (e.g., Federal Security Engineer, ISSO, Auditor, ATO specialist, or FedRAMP Assessor).
• Security certifications like CAP, CISA, CISSP-ISSEP, Certified CMMC Professional (CCP), or FedRAMP Provisional Assessor.

Team & Environment

You'll be part of Vanta's Security organization, which provides security operational services, sets policies, and offers advisory services.

Benefits & Compensation

• Industry-competitive compensation
• 100% covered medical, dental, and vision benefits with dependents coverage
• 16 weeks fully-paid parental Leave for all new parents
• Health & wellness and remote workplace stipends
• Family planning benefits through Carrot Fertility
• 401(k) matching
• Flexible work hours and location
• Open PTO policy
• 11 paid holidays in the US
• Offices in SF, NYC, London, Dublin, and Sydney

Work Mode

This is a fully remote position open to candidates based in the US.

At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class.