
Senior GRC Engineer – Government
Posted 1 hour ago

This is a fully remote position, open to applicants in the United States.
• Evaluate and interpret CMMC requirements alongside NIST SP 800-171 controls to ensure clients adhere to Department of Defense cybersecurity standards.
• Create, implement, and sustain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other documentation required for CMMC.
• Perform gap assessments and readiness reviews for organizations seeking CMMC certification.
• Work in partnership with defense contractors to identify and address deficiencies in their cybersecurity programs to fulfill CMMC Level 1 and Level 2 criteria.
• Assist clients in navigating the CMMC assessment process while coordinating with Certified Third-Party Assessment Organizations (C3PAOs).
• Oversee and manage multiple CMMC compliance projects across various defense contractors, ensuring they are completed on time before contract deadlines.
• Lead and mentor a small team of compliance professionals to efficiently achieve CMMC goals.
• Keep abreast of evolving CMMC requirements, CMMC 2.0 rulemaking, and Department of Defense cybersecurity policies.
• Must be a U.S. citizen or permanent resident due to potential access to Controlled Unclassified Information (CUI).
• Over 5 years of experience in defense contractor compliance, with a focus on CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation.
• At least 3 years of leadership experience in managing or guiding a small team.
• In-depth knowledge of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021).
• Proven experience with the implementation and assessment of NIST SP 800-171 controls.
• Familiarity with Department of Defense supply chain requirements and workflows of defense contractors.
• Experience collaborating with small to mid-sized defense contractors.
• Understanding of common GCC High, Azure Government, or AWS GovCloud environments.
• Capability to obtain U.S. public trust security clearance.
• Prior experience working directly with C3PAOs or as part of assessment teams.
• Reliable high-speed internet connection.
• Quiet, professional home office setup.