About this role
Role Overview
Design, implement, and manage the enterprise GRC program, establishing policies, standards, and procedures aligned with NIST SP 800-171, CMMC 2.0, and other applicable federal frameworks.
Lead CMMC Level 2 certification efforts end-to-end, including gap assessments, remediation planning, System Security Plan (SSP) development, and coordination with third-party assessors (C3PAOs).
Develop and maintain a comprehensive risk management framework, conducting regular risk assessments and presenting risk posture and mitigation strategies to executive leadership.
Establish continuous monitoring capabilities and compliance automation to maintain ongoing adherence to NIST 800-171 controls across all 14 security families.
Serve as the primary point of contact for all regulatory audits, government compliance reviews, and customer security questionnaires.
Collaborate cross-functionally with Engineering, Product, and Operations teams to embed security and compliance requirements into development workflows without creating friction.
Build and maintain the Plan of Action & Milestones (POA&M) process, tracking deficiencies and driving remediation to closure.
Develop and deliver security awareness training programs tailored to technical and non-technical audiences.
Advise leadership on evolving regulatory landscapes, emerging threats, and investment priorities to strengthen the organization’s security posture.
Evaluate and manage third-party vendor risk, ensuring supply chain security and compliance with flow-down requirements.
Requirements
10+ years of information security experience, including 5+ years leading and maturing GRC programs within defense, intelligence, or technology sectors.
Deep mastery of NIST SP 800-171, NIST SP 800-53, and CMMC 2.0, with a track record of leading organizations through formal certification and assessment processes.
Strong command of DFARS 252.204-7012 and CUI requirements, including hands-on development of System Security Plans (SSPs) and POA&Ms.
Proven ability to translate complex regulatory and compliance mandates into actionable guidance for engineering and business teams.
Must be a U.S. citizen and able to obtain and maintain a U.S. security clearance.
Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field. Advanced degree preferred.
Tech Stack
Cyber Security
Benefits
Competitive salary with comprehensive medical, dental, and vision benefits.
Flexible remote work with a mission-driven, fast-moving team.
Career growth in a rapidly scaling defense-tech company at the forefront of maritime AI.