Quartermaster

GRC Manager

GRC Manager leading governance, risk, and compliance initiatives for Quartermaster AI, enhancing maritime security through cutting-edge technology and AI.

Posted 4/22/2026 • Full-time • Arlington, Virginia, 🇺🇸 United States • Senior • Lead

Tech Stack

Tools & technologies
Cyber Security

About the role

Key responsibilities & impact
  • Design, implement, and manage the enterprise GRC program, establishing policies, standards, and procedures aligned with NIST SP 800-171, CMMC 2.0, and other applicable federal frameworks.
  • Lead CMMC Level 2 certification efforts end-to-end, including gap assessments, remediation planning, System Security Plan (SSP) development, and coordination with third-party assessors (C3PAOs).
  • Develop and maintain a comprehensive risk management framework, conducting regular risk assessments and presenting risk posture and mitigation strategies to executive leadership.
  • Establish continuous monitoring capabilities and compliance automation to maintain ongoing adherence to NIST 800-171 controls across all 14 security families.
  • Serve as the primary point of contact for all regulatory audits, government compliance reviews, and customer security questionnaires.
  • Collaborate cross-functionally with Engineering, Product, and Operations teams to embed security and compliance requirements into development workflows without creating friction.
  • Build and maintain the Plan of Action & Milestones (POA&M) process, tracking deficiencies and driving remediation to closure.
  • Develop and deliver security awareness training programs tailored to technical and non-technical audiences.
  • Advise leadership on evolving regulatory landscapes, emerging threats, and investment priorities to strengthen the organization’s security posture.
  • Evaluate and manage third-party vendor risk, ensuring supply chain security and compliance with flow-down requirements.

Requirements

What you’ll need
  • 10+ years of information security experience, including 5+ years leading and maturing GRC programs within defense, intelligence, or technology sectors.
  • Deep mastery of NIST SP 800-171, NIST SP 800-53, and CMMC 2.0, with a track record of leading organizations through formal certification and assessment processes.
  • Strong command of DFARS 252.204-7012 and CUI requirements, including hands-on development of System Security Plans (SSPs) and POA&Ms.
  • Proven ability to translate complex regulatory and compliance mandates into actionable guidance for engineering and business teams.
  • Must be a U.S. citizen and able to obtain and maintain a U.S. security clearance.
  • Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field. Advanced degree preferred.

Benefits

Comp & perks
  • Competitive salary with comprehensive medical, dental, and vision benefits.
  • Flexible remote work with a mission-driven, fast-moving team.
  • Career growth in a rapidly scaling defense-tech company at the forefront of maritime AI.

ATS Keywords

Applicant Tracking System Keywords

Hard Skills & Tools
  • GRC program management
  • NIST SP 800-171
  • CMMC 2.0
  • risk management framework
  • System Security Plan (SSP)
  • gap assessments
  • compliance automation
  • Plan of Action & Milestones (POA&M)
  • security awareness training
  • third-party vendor risk management
Soft Skills
  • leadership
  • collaboration
  • communication
  • problem-solving
  • advisory skills
  • presentation skills
  • organizational skills
  • strategic thinking
  • cross-functional teamwork
  • guidance translation