Compliance & Policy Analyst – Agentic AI

Job Description

Company: Peraton Labs

Location: Hagerstown, US

About Peraton

Peraton is a next‑generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace.

The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit to learn how we’re keeping people around the world safe and secure.
About

The Role

Peraton Labs is seeking a Compliance & Policy Analyst to help establish, maintain, and mature the written compliance posture of our Agentic AI platform environment. This individual will play a critical role in ensuring our documented security and compliance artifacts accurately reflect the infrastructure, controls, and operational realities of the platform.

This role will own the development and maintenance of core compliance documentation, including System Security Plans (SSPs), supporting policies and standard operating procedures, POA&M management, and audit evidence coordination. The ideal candidate is highly detail‑oriented, strong in policy and control documentation, and comfortable working closely with platform and security engineers to translate technical implementation into clear, auditor‑ready language.

This is a high‑trust role at the intersection of compliance, policy, and platform execution. The right candidate will serve as the connective tissue between what is written, what is required, and what is actually built and operated.
Key Responsibilities
• Own and maintain the written compliance posture of the Agentic AI platform
• Author, update, and evolve System Security Plans (SSPs) and related compliance artifacts in support of ATO and broader assessment efforts
• Develop additional SSPs and associated documentation required to support expanding authorization needs
• Build, organize, and maintain a comprehensive security policy and SOP library aligned to relevant control frameworks
• Manage POA&M including documenting gaps, tracking remediation progress, and maintaining visibility into open items
• Coordinate and run evidence collection cycles in support of internal reviews, external assessments, and audit activities
• Serve as the primary compliance point of contact for internal auditors, external assessors, and compliance stakeholders
• Partner closely with platform, cloud, and security engineers to validate that documented control narratives accurately reflect implemented infrastructure and operational practices
• Review architecture diagrams, infrastructure‑as‑code, technical diagrams, and engineering documentation to ensure compliance materials remain accurate and defensible
• Help ensure consistency, traceability, and quality across all compliance documentation and supporting artifacts
• Identify documentation gaps, policy inconsistencies, or control narrative issues early and drive them to resolution
• Support the maturation of repeatable compliance processes that strengthen audit readiness over time
Qualifications

Required Qualifications
• Minimum of BS with 5+ years of experience, MS/PhD with 3+ years of experience in security compliance, GRC, cybersecurity policy, or related compliance‑focused roles
• Deep hands‑on experience authoring and maintaining System Security Plans (SSPs) aligned to NIST 800‑171 and NIST 800‑53
• Demonstrated experience supporting systems through ATO efforts, formal security assessments, and/or CMMC readiness activities
• Experience managing POA&M, coordination remediation tracking, and running structured evidence collection cycles
• Strong background serving as a primary point of contact for auditors, assessors, and compliance stakeholders
• Proven ability to build and maintain policy libraries, standards, and SOPs aligned to a formal control framework
• Ability to read and interpret architecture…

Source: Learn4Good