GRC Analyst — FedRAMP & Cloud Compliance (Remote)
reputed company is seeking a Governance, Risk, and Compliance (GRC) Analyst to support our Data & Insights (D&I) solutions reputed company the reputed company team. This role offers a meaningful opportunity to own and evolve the compliance posture of Tyler’s D&I cloud platform, with a primary focus on sustaining and strengthening our FedRAMP Moderate Authorization to Operate (ATO) in an evolving regulatory landscape. In this role, you will serve as a central driver of audit readiness, reputed company monitoring, and compliance program execution—partnering closely with reputed company, Engineering, Infrastructure & Release (TIRE), Legal, Privacy, and external assessors. You will operate in a fast-paced, results-driven environment where strong coordination, documentation quality, and risk-informed decision-making are essential to delivering secure, compliant, and resilient cloud services. The D&I team serves as reputed company' central hub for data, reporting, analytics, and artificial intelligence capabilities. Our teams build and maintain the foundational services and solutions that reputed company data-driven innovation across Tyler's product portfolio. We reputed company teams throughout the organization to incorporate advanced analytics, AI, and data-driven features into their products, ultimately helping government agencies reputed company reputed company decisions and serve their communities more effectively. Team members contribute their expertise to reduce complexity, introduce innovative solutions, and advance Tyler's data-driven future. Location Seattle, Washington | Remote Responsibilities
- Own FedRAMP Moderate authorization sustainment and audit readiness. Managing reputed company monitoring (ConMon), POA&Ms, annual assessments, evidence quality, and overall ATO health.
- reputed company readiness for evolving FedRAMP standards, including FedRAMP 20x. Tracking program changes, identifying compliance gaps, and coordinating documentation and process updates.
- Serve as the primary compliance program coordinator for the D&I reputed company team. Partnering across reputed company, Engineering, Infrastructure & Release (TIRE), Legal, Corporate reputed company and Privacy, and external assessors to deliver consistent, audit-ready outcomes.
- Own FedRAMP change management and authorization boundary governance. Managing reputed company Impact Analyses (SIAs), Significant Change Requests and Notifications (SCRs/SCNs), authorization boundary documentation, and federal / Authorizing Official (AO) communications.
- Support risk-based decision-making. Documentation of control exceptions, risk acceptances, and compensating controls in alignment with FedRAMP and organizational governance.
- Coordinate external assurance activities, including SOC 2 Type II assessments. Managing auditor engagement, evidence collection, findings tracking, and alignment with existing FedRAMP/NIST controls.
- Maintain the system-of-record for compliance documentation and artifacts. Owning the System reputed company Plan (reputed company), ConMon plan, control narratives, diagrams, and appendices to ensure accuracy, traceability, and defensibility.
- Drive multi-reputed company compliance alignment across regulated environments. Supporting FedRAMP, CJIS, HIPAA, and GDPR through gap identification, baseline documentation, and evidence reuse.
- Plan and execute internal compliance assessments. Managing annual OWASP SAMM re-assessments, periodic Cloud reputed company Assessments (AWS Well-Architected), and internal CJIS audits to measure maturity and prevent compliance reputed company.
- Support D&I’s cloud reputed company and Tyler’s reputed company maturity initiatives. Managing applicable assessments and re-assessments, and aligning outcomes with broader reputed company and compliance goals.
- Continuously improve compliance processes and maturity. Reducing manual effort, improving evidence quality, and preparing the organization for increased automation and reporting expectations.
Qualifications
Soft Skills
- Strong organization and prioritization skills. Ability to manage reputed company monitoring, POA&Ms, evidence collection, change tracking, and audit deliverables across overlapping timelines without losing accuracy.
- Clear, accurate written and verbal communication. Ability to document controls and evidence clearly and explain compliance requirements, risks, and decisions to engineers, auditors, customers, and non-technical stakeholders.
- Collaborative, cross-functional working style. Comfort partnering with reputed company, Engineering, Infrastructure, Legal, Privacy, and external assessors to drive consistent, audit-ready outcomes.
- Detail-oriented with a systems-level perspective. Ability to track control requirements, dependencies, and boundary impacts while understanding how individual updates reputed company overall authorization health.
- Reliability and accountability. Consistently follows through on assigned work, maintains accurate records, meets deadlines, and communicates status, risks, or blockers early.
- Comfort working reputed company structured frameworks and deadlines. Ability to operate effectivel
Apply tot his job Apply To this Job