Senior Governance, Risk, and Compliance Engineer

Jobgether · US

Company: Jobgether

Location: US

Type: Full Time

Job Description

Team: IT

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Governance, Risk, and Compliance Engineer in the United States.

This role sits at the intersection of advanced cybersecurity engineering and regulatory compliance within a highly complex, research-driven technology environment. You will take ownership of end-to-end GRC and CMMC programs, ensuring that security controls, policies, and technical implementations meet stringent defense and federal compliance standards. Acting as a key subject matter expert, you will bridge engineering, legal, and operations teams to translate regulatory obligations into scalable, enforceable security architectures. The position requires both strategic oversight and hands-on execution, from designing compliant cloud and network environments to leading audit readiness and assessments. You will play a critical role in shaping how the organization handles sensitive controlled unclassified information (CUI) and navigates DFARS requirements. This is a high-impact role where your work directly influences national security-aligned compliance posture and enterprise risk management maturity.

Accountabilities:

  • Architect and own the full CMMC compliance program, including scoping, control mapping, SSP/POA&M development, and audit readiness across the organization.
  • Translate DFARS requirements into operational security controls, ensuring compliance with clauses such as 7012, 7019, and 7020, including accurate SPRS reporting.
  • Lead preparation for and coordination of C3PAO assessments, including evidence collection, audit documentation, and engagement with external assessors.
  • Design and maintain secure CUI environments, including segmentation, encryption standards, access control, and boundary definitions aligned with CMMC requirements.
  • Drive implementation and validation of NIST 800-171 security controls in partnership with engineering and infrastructure teams.
  • Serve as the primary GRC and CMMC subject matter expert, advising stakeholders across engineering, legal, contracts, and leadership teams.
  • Conduct internal audits and continuous compliance monitoring to ensure ongoing alignment with regulatory and contractual obligations.
  • Build and manage enterprise risk management frameworks, including risk registers, remediation tracking, and executive reporting dashboards.
  • Own and evolve GRC tooling and processes to support evidence management, compliance tracking, and organizational visibility.
  • Collaborate with legal and procurement teams to evaluate contracts for CUI, ITAR, and EAR implications and associated compliance requirements.

Requirements:

  • 5–8+ years of experience in cybersecurity compliance, GRC, or security engineering with hands-on ownership of NIST 800-171 and CMMC programs.
  • Proven experience building SSPs, POA&Ms, and leading audit readiness or C3PAO assessment processes.
  • Strong understanding of DFARS cybersecurity clauses and CMMC 2.0 framework structure and assessment methodologies.
  • Technical background in cloud security, systems administration, or security engineering sufficient to lead control implementation discussions.
  • Experience defining and managing CUI environments, including network architecture, IAM, logging, and encryption practices.
  • Ability to translate complex regulatory and technical requirements into clear guidance for non-technical stakeholders.
  • Experience working cross-functionally with legal, compliance, engineering, and executive leadership teams.
  • Familiarity with risk management frameworks and enterprise GRC processes.
  • Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience.
  • Preferred: experience in defense, national security, or regulated research environments, plus relevant certifications (CISSP, CISA, CISM, CRISC, CMMC credentials).

Benefits:

  • Competitive base salary range of $110,336 - $144,459 USD
  • Bonus and equity eligibility as part of total compensation package
  • Comprehensive medical, dental, and vision insurance
  • 401(k) retirement plan with employer matching
  • Unlimited PTO and paid holidays
  • Remote or hybrid work flexibility within the United States
  • Home technology stipend and additional employee support programs
  • Exposure to cutting-edge quantum computing and national security–adjacent technologies
  • Inclusive and mission-driven work environment focused on equity and respect
  • Opportunities for high-impact ownership of enterprise-wide compliance programs


Date Posted: 05/27/2026
