FedRAMP ATO Specialist (GRC Analyst)

R166-Alexandria, United States

Clarivate

Clarivate aims to fuel the world's greatest breakthroughs through enriched data, insights, analytics, workflow solutions and expert services.


Join our team as a FedRAMP ATO Specialist, where your primary focus will be supporting FedRAMP compliance across our three authorized platforms. You'll lead efforts around audit preparation, continuous monitoring (ConMon), change request submissions, and documentation updates. You'll also support related frameworks such as StateRAMP and TX-RAMP as needed.

About You – experience, education, skills, and accomplishments

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related discipline
  • 3 years of hands-on experience supporting FedRAMP or federal compliance efforts
  • 3 years of experience with FedRAMP documentation development and maintenance, particularly SSPs and policies
  • 3 years of experience with continuous monitoring, including vulnerability scans, incident tracking, and system updates
  • Must be a US Citizen or Green Card holder with the ability to obtain a Public Trust Clearance

It would be great if you also had . . .

  • Certifications such as Security+, CAP, CISSP Associate, or FedRAMP-specific training
  • Hands-on experience conducting or supporting security control assessments based on NIST SP 800-53 Rev. 5
  • Experience in the intellectual property or legal technology space
  • Familiarity with cloud-based systems, especially SaaS platforms
  • Familiarity with AWS, Azure, Salesforce, or other major cloud providers
  • Solid understanding of RMF and the NIST Cybersecurity Framework
  • Proficiency in Windows-based environments and common cybersecurity tools (e.g., Nessus, Qualys, Splunk, Defender for Endpoint, AWS suite of tools, etc.)
  • Understanding of FISMA requirements

What will you be doing in this role?

  • Support the FedRAMP ATO process for enterprise-grade SaaS solutions used in federal IP portfolio management.
  • Draft, review, and maintain key documentation such as System Security Plans (SSPs), Configuration Management Plan (CMP), Contingency Plan (CP) and Incident Response Plan, Policies & Procedures, and Plan of Action and Milestones (POA&M).
  • Assist with the assessment of NIST SP 800-53 Rev. 5 security controls, including documentation of implementation details, testing procedures, and results.
  • Coordinate with internal stakeholders, security teams, and external 3PAOs to manage system assessments and audits.
  • Assist in the implementation and ongoing execution of continuous monitoring (ConMon) activities and reporting.
  • Apply principles of the Risk Management Framework (RMF) and the NIST Cybersecurity Framework across the system development lifecycle.
  • Track control implementations, document remediation efforts, and manage security artifacts in accordance with FedRAMP Moderate or High baselines.
  • Leverage cybersecurity tools in a Windows-based environment to support vulnerability management, system hardening, and log analysis.
  • Stay informed of updates to NIST guidance, FedRAMP baselines, and relevant compliance frameworks impacting government contractors.

About the Team

We are a team of security professionals from various walks of life with diverse experience. The overall team consists of 25 security professionals who report to the Chief Information Security Officer. We are spread out across the world with team members located in North America, Europe, and Asia. As a security team, our focus lies in four main areas (pillars): Security Engineering and Operations, Product Security, Security Architecture, and Governance, Risk and Compliance. This position will sit on the Governance, Risk and Compliance (GRC) team.

Hours of Work

  • Full-time permanent position primarily working core business hours in your time zone, with flexibility to adjust to various global time zones as needed
  • Hybrid position working 2-3 days/week on-site
  • Must live within a commutable distance to one of our US office locations: Alexandria, VA; Philadelphia, PA; or Overland Park, KS

Clarivate is an Equal Opportunity Employer Vets/Minorities/Women/Disabled


Tags: Audits AWS Azure CISO CISSP Clearance Cloud Compliance Computer Science FedRAMP FISMA Governance Incident response Log analysis Monitoring Nessus NIST NIST 800-53 POA&M Product security Qualys Risk management RMF SaaS Splunk System Security Plan Vulnerability management Vulnerability scans Windows

Region: North America
Country: United States
