GRC Manager

About The Position

Requirements

• 10+ years of information security experience, including 5+ years leading and maturing GRC programs within defense, intelligence, or technology sectors.
• Deep mastery of NIST SP 800-171, NIST SP 800-53, and CMMC 2.0, with a track record of leading organizations through formal certification and assessment processes.
• Strong command of DFARS 252.204-7012 and CUI requirements, including hands-on development of System Security Plans (SSPs) and POA&Ms.
• Proven ability to translate complex regulatory and compliance mandates into actionable guidance for engineering and business teams.
• Must be a U.S. citizen and able to obtain and maintain a U.S. security clearance.
• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field.

Nice To Haves

• Industry certifications such as CISSP, CISM, CRISC, CGRC, or CMMC Registered Practitioner (RP) / Certified Professional (CCP).
• Experience with GRC tooling and compliance automation platforms (e.g., Drata, Vanta, Archer, or similar).
• Familiarity with cloud security compliance in AWS, Azure, or GCP environments.
• Experience working in a high-growth startup or scale-up environment, building processes where none previously existed.
• Prior experience supporting DoD or IC programs with active security clearance.
• Knowledge of additional compliance frameworks (FedRAMP, SOC 2, ISO 27001) and their intersection with CMMC/NIST requirements.
• Advanced degree preferred.

Responsibilities

• Design, implement, and manage the enterprise GRC program, establishing policies, standards, and procedures aligned with NIST SP 800-171, CMMC 2.0, and other applicable federal frameworks.
• Lead CMMC Level 2 certification efforts end-to-end, including gap assessments, remediation planning, System Security Plan (SSP) development, and coordination with third-party assessors (C3PAOs).
• Develop and maintain a comprehensive risk management framework, conducting regular risk assessments and presenting risk posture and mitigation strategies to executive leadership.
• Establish continuous monitoring capabilities and compliance automation to maintain ongoing adherence to NIST 800-171 controls across all 14 security families.
• Serve as the primary point of contact for all regulatory audits, government compliance reviews, and customer security questionnaires.
• Collaborate cross-functionally with Engineering, Product, and Operations teams to embed security and compliance requirements into development workflows without creating friction.
• Build and maintain the Plan of Action & Milestones (POA&M) process, tracking deficiencies and driving remediation to closure.
• Develop and deliver security awareness training programs tailored to technical and non-technical audiences.
• Advise leadership on evolving regulatory landscapes, emerging threats, and investment priorities to strengthen the organization’s security posture.
• Evaluate and manage third-party vendor risk, ensuring supply chain security and compliance with flow-down requirements.

Benefits

• Competitive salary
• comprehensive medical, dental, and vision benefits
• Flexible remote work
• Career growth in a rapidly scaling defense-tech company at the forefront of maritime AI.