Senior Governance, Risk, and Compliance Engineer
Location: Remote or hybrid work flexibility within the United States
Employment type: Full-Time
Level: Senior
Salary: 110,336 - 144,459 USD per year
Job Details
- Experience: 5–8+ years
- Required Skills: Risk Management
Requirements
- 5–8+ years of experience in cybersecurity compliance, GRC, or security engineering with hands-on ownership of NIST 800-171 and CMMC programs.
- Proven experience building SSPs, POA&Ms, and leading audit readiness or C3PAO assessment processes.
- Strong understanding of DFARS cybersecurity clauses and CMMC 2.0 framework structure and assessment methodologies.
- Technical background in cloud security, systems administration, or security engineering sufficient to lead control implementation discussions.
- Experience defining and managing CUI environments, including network architecture, IAM, logging, and encryption practices.
- Ability to translate complex regulatory and technical requirements into clear guidance for non-technical stakeholders.
- Experience working cross-functionally with legal, compliance, engineering, and executive leadership teams.
- Familiarity with risk management frameworks and enterprise GRC processes.
- Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience.
Responsibilities
- Architect and own the full CMMC compliance program, including scoping, control mapping, SSP/POA&M development, and audit readiness across the organization.
- Translate DFARS requirements into operational security controls, ensuring compliance with clauses such as 7012, 7019, and 7020, including accurate SPRS reporting.
- Lead preparation for and coordination of C3PAO assessments, including evidence collection, audit documentation, and engagement with external assessors.
- Design and maintain secure CUI environments, including segmentation, encryption standards, access control, and boundary definitions aligned with CMMC requirements.
- Drive implementation and validation of NIST 800-171 security controls in partnership with engineering and infrastructure teams.
- Serve as the primary GRC and CMMC subject matter expert, advising stakeholders across engineering, legal, contracts, and leadership teams.
- Conduct internal audits and continuous compliance monitoring to ensure ongoing alignment with regulatory and contractual obligations.
- Build and manage enterprise risk management frameworks, including risk registers, remediation tracking, and executive reporting dashboards.
- Own and evolve GRC tooling and processes to support evidence management, compliance tracking, and organizational visibility.
- Collaborate with legal and procurement teams to evaluate contracts for CUI, ITAR, and EAR implications and associated compliance requirements.