GRC Program Lead

RK&K, Baltimore, MD

About The Position

RK&K is seeking a GRC Program Lead to establish, operationalize, and scale the firm’s IT governance, risk, and compliance functions. This role provides centralized ownership of compliance efforts, including CMMC Level 2, SOC 2, and FedRAMP, while ensuring alignment with business objectives, client requirements, and contractual obligations. This position serves as a critical coordination layer between IT, Legal, HR, and business leadership to ensure risks are effectively managed, controls are implemented, and compliance requirements are consistently met as the organization grows.

Requirements

  • Bachelor’s degree in a related field OR equivalent practical experience
  • 7+ years of experience in GRC, cybersecurity, or compliance
  • Experience with owning and operating enterprise compliance programs
  • Experience with CMMC / NIST SP 800-171
  • Experience with SOC 2 (implementation and audit support)
  • Experience with NIST frameworks
  • Experience with cross-functional coordination

Nice To Haves

  • Experience with FedRAMP readiness or audits
  • Professional certifications such as CISA, CISSP, CISM, CRISC, CCSP, or ISO 27001 Lead Implementer/Auditor
  • Experience in federal contracting or regulated/public sector environments
  • Experience with Vanta Trust Management Platform

Responsibilities

  • Lead CMMC Level 2 implementation
  • Lead SOC 2 Type II program development
  • Support FedRAMP readiness and alignment
  • Assess security risks across systems, services, projects, vendors, and control gaps
  • Develop and maintain the enterprise risk register
  • Track risks across security, operations, vendor exposure, and AI/data usage
  • Develop and enforce policies (data security, privacy, acceptable use/AI, access, vendors)
  • Align policies to SOC 2, CMMC/NIST, and FedRAMP requirements
  • Manage exceptions and risk acceptance processes
  • Define governance for enterprise AI usage
  • Partner with IT to enforce policies and monitor misuse/data leakage
  • Conduct vendor security and compliance reviews
  • Partner with Legal on contract risk and compliance
  • Track contractual compliance obligations
  • Oversee vulnerability management and endpoint/device compliance
  • Define and track security baselines
  • Validate control effectiveness through evidence-based assessments
  • Coordinate CMMC, SOC 2, client audits, and FedRAMP readiness reviews
  • Manage evidence collection, audit responses, remediation, and closure
  • Establish governance for incident response processes
  • Ensure proper documentation, classification, root cause analysis, and improvements
  • Track trends and report risks to leadership
  • Act as GRC liaison across IT, Legal, HR, and Operations
  • Oversee business continuity and disaster recovery planning/testing
  • Define and track KPIs, KRIs, and control effectiveness
  • Own and manage the Vanta platform

Benefits

  • Paid time off
  • Matching 401(k) plan
  • Student Loan Retirement Match Program
  • Paid holidays
  • Tuition reimbursement
  • Health, dental, vision, life, and disability insurance
  • Paid parental leave
  • Wellness programs and employee resource groups
  • Career development opportunities