Jobs · Finance · California

Governance, Risk & Compliance (GRC) Manager

Northwood · Torrance, CA · 3 wk ago
FinanceFull-time

Role Overview

As Governance, Risk & Compliance (GRC) Lead, you will own Northwood's compliance program across CMMC, FedRAMP, SOC 2, and ITAR — building the policies, processes, and evidence frameworks that enable the company to operate as a trusted dual-use space communications provider. This is a senior individual contributor role for a practitioner who combines deep regulatory knowledge with the technical fluency to work directly with security engineering, network, and product teams to translate compliance requirements into operational reality.

Responsibilities

  • Own Northwood's compliance program across CMMC Level 2, FedRAMP, SOC 2 Type II, and ITAR, including control mapping, gap assessment, remediation tracking, and audit preparation.
  • Maintain Northwood's System Security Plan (SSP), Plan of Action and Milestones (POA&M), and associated compliance documentation in alignment with NIST 800-171 and applicable frameworks.
  • Cook up and manage third-party assessments, including C3PAO engagements for CMMC, FedRAMP 3PAO assessments, and SOC 2 audits, serving as the primary assessor liaison.
  • Monitor the regulatory environment for changes to CMMC, FedRAMP, DFARS, and ITAR requirements and assess impact on Northwood's compliance posture.
  • Build and maintain Northwood's enterprise risk management program, including risk register development, risk scoring methodology, and executive-level risk reporting.
  • Conduct and facilitate periodic risk assessments across security domains, incorporating input from security engineering, network, product, and operations teams.
  • Identify, track, and drive remediation of compliance gaps and security control deficiencies, working directly with technical teams to ensure timely closure.
  • Develop and maintain risk acceptance processes, exception management workflows, and compensating control documentation.
  • Develop, maintain, and enforce Northwood's security policy library, including acceptable use, access control, incident response, data classification, and CUI handling policies.
  • Map Northwood's control environment across overlapping frameworks — NIST 800-171, NIST 800-53, SOC 2 Trust Services Criteria, and FedRAMP — to reduce duplicative compliance effort and maximize control reuse.
  • Define and maintain the control evidence collection program, ensuring audit artifacts are continuously gathered, organized, and accessible for assessment cycles.
  • Partner with the Security Engineering Lead, Security Operations Lead, and Product Security Lead to validate that technical controls are implemented in alignment with documented policies and compliance requirements.

Basic Qualifications

  • 5+ years in a governance, risk, and compliance role with demonstrated ownership of enterprise compliance programs in a regulated environment.
  • Deep working knowledge of CMMC Level 2 and NIST SP 800-171, including SSP development, POA&M management, and C3PAO assessment preparation.
  • Experience managing FedRAMP authorization processes, including boundary definition, control implementation documentation, and 3PAO coordination.
  • Hands-on experience with SOC 2 Type II audits, including control mapping, evidence collection, and auditor engagement.
  • Familiarity with ITAR compliance requirements, including technology control plans, export authorization processes, and CUI program management.
  • Demonstrated ability to translate technical security controls into compliance documentation and audit evidence across multiple overlapping frameworks.
  • Experience conducting risk assessments and maintaining enterprise risk registers with executive-level reporting.
  • Strong technical fluency — this role works directly with security engineering and infrastructure teams and requires the ability to evaluate technical control implementations against compliance requirements.
  • Ability to obtain and maintain a TS/SCI clearance.
  • U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Preferred Qualifications

  • Active TS clearance or higher.
  • Experience working within the Defense Industrial Base, including prime or subcontractor compliance environments with DFARS flow-down obligations.
  • Familiarity with eMASS or similar government assessment and authorization management tools.
  • Experience with GRC platforms for control tracking, evidence management, and audit workflow automation.
  • Knowledge of Northwood's core infrastructure environment, including AWS GovCloud, Microsoft GCC, and on-premises security tooling, and how these map to FedRAMP and CMMC control boundaries.
  • Experience developing and delivering security awareness and CUI handling training programs.
  • Familiarity with DFARS 252.204-7012 incident reporting obligations and coordination with DIBCAC or DCSA.
  • Professional certifications such as CISSP, CISM, CISA, CCSK, or equivalent GRC credentials.
  • CMMC Registered Practitioner (RP) or Certified Professional (CP) designation.

Similar jobs

IDC General Manager

Lowe's Companies, Inc.Suffolk, VA· 2 wk ago
Managementapply on talent.lowes.com

DCC General Manager

Dakota Sioux Casino & HotelSisseton, SD· 4 mo ago
Managementapply on recruiting2.ultipro.com

General Manager

Career Placement & RecruitingClarksville, TN· 1 wk ago
Manufacturingapply on cognitoforms.com

General Manager

CBX Solutions, LLCEverett, WA· 1 wk ago
Managementapply on jobs.dayforcehcm.com