Governance, Risk & Compliance (GRC) Manager
AshbyHQ - ATS
About Northwood Northwood is a modern space infrastructure company focused on connecting space and Earth. The world runs on space. Space will run on Northwood. Our global ground network ensures that missions ranging from national security, to global connectivity, to disaster response can unlock their full potential and operate every day without fail. Role Overview As Governance, Risk & Compliance (GRC) Lead, you will own Northwood's compliance program across CMMC, FedRAMP, SOC 2, and ITAR — building the policies, processes, and evidence frameworks that enable the company to operate as a trusted dual-use space communications provider. This is a senior individual contributor role for a practitioner who combines deep regulatory knowledge with the technical fluency to work directly with security engineering, network, and product teams to translate compliance requirements into operational reality. You will serve as the primary point of contact for government customers, third-party assessors, and internal stakeholders on all matters related to compliance posture, risk management, and audit readiness. You will work across Northwood's full security stack — spanning on-premises infrastructure, AWS GovCloud, GCC, and corporate systems — to ensure controls are implemented, documented, and defensible. This role reports to the Head of Security. Responsibilities Compliance Program Ownership Own Northwood's compliance program across CMMC Level 2, FedRAMP, SOC 2 Type II, and ITAR, including control mapping, gap assessment, remediation tracking, and audit preparation. Maintain Northwood's System Security Plan (SSP), Plan of Action and Milestones (POA&M), and associated compliance documentation in alignment with NIST 800-171 and applicable frameworks. Coordinate and manage third-party assessments, including C3PAO engagements for CMMC, FedRAMP 3PAO assessments, and SOC 2 audits, serving as the primary assessor liaison. Monitor the regulatory environment for changes to CMMC, FedRAMP, DFARS, and ITAR requirements and assess impact on Northwood's compliance posture. Risk Management Build and maintain Northwood's enterprise risk management program, including risk register development, risk scoring methodology, and executive-level risk reporting. Conduct and facilitate periodic risk assessments across security domains, incorporating input from security engineering, network, product, and operations teams. Identify, track, and drive remediation of compliance gaps and security control deficiencies, working directly with technical teams to ensure timely closure. Develop and maintain risk acceptance processes, exception management workflows, and compensating control documentation. Policy & Control Framework Develop, maintain, and enforce Northwood's security policy library, including acceptable use, access control, incident response, data classification, and CUI handling policies. Map Northwood's control environment across overlapping frameworks — NIST 800-171, NIST 800-53, SOC 2 Trust Services Criteria, and FedRAMP — to reduce duplicative compliance effort and maximize control reuse. Define and maintain the control evidence collection program, ensuring audit artifacts are continuously gathered, organized, and accessible for assessment cycles. Partner with the Security Engineering Lead, Security Operations Lead, and Product Security Lead to validate that technical controls are implemented in alignment with documented policies and compliance requirements. ITAR & CUI Program Management Own Northwood's CUI program, including data classification guidance, CUI handling procedures, marking standards, and employee training. Maintain ITAR compliance program documentation, including technology control plans, export authorization tracking, and coordination with Northwood's legal counsel on regulatory obligations. Ensure network segmentation, access controls, and data handling practices across Northwood's infrastructure appropriately enforce CUI and ITAR boundaries in coordination with security and network engineering teams. Audit Readiness & Stakeholder Engagement Serve as the primary compliance point of contact for government customers, prime contractors, and subcontractors, including responding to security questionnaires, flow-down requirement reviews, and customer audit requests. Build and maintain audit readiness posture year-round, ensuring evidence collection, control testing, and documentation currency do not become point-in-time exercises. Brief executive leadership and the Head of Security on compliance status, upcoming assessment milestones, and material risk items requiring business-level decisions. Develop and deliver security awareness and compliance training programs for Northwood employees, with targeted content for personnel handling CUI or operating in ITAR-controlled environments. Basic Qualifications 5+ years in a governance, risk, and compliance role with demonstrated ownership of enterprise compliance programs in a regulated environment. Deep working knowledge of CMMC Level 2 and NIST SP 800-171, including SSP development, POA&M management, and C3PAO assessment preparation. Experience managing FedRAMP authorization processes, including boundary definition, control implementation documentation, and 3PAO coordination. Hands-on experience with SOC 2 Type II audits, including control mapping, evidence collection, and auditor engagement. Familiarity with ITAR compliance requirements, including technology control plans, export authorization processes, and CUI program management. Demonstrated ability to translate technical security controls into compliance documentation and audit evidence across multiple overlapping frameworks. Experience conducting risk assessments and maintaining enterprise risk registers with executive-level reporting. Strong technical fluency — this role works directly with security engineering and infrastructure teams and requires the ability to evaluate technical control implementations against compliance requirements. Ability to obtain and maintain a TS/SCI clearance. U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations. Preferred Qualifications Active TS clearance or higher. Experience working within the Defense Industrial Base, including prime or subcontractor compliance environments with DFARS flow-down obligations. Familiarity with eMASS or similar government assessment and authorization management tools. Experience with GRC platforms for control tracking, evidence management, and audit workflow automation. Knowledge of Northwood's core infrastructure environment, including AWS GovCloud, Microsoft GCC, and on-premises security tooling, and how these map to FedRAMP and CMMC control boundaries. Experience developing and delivering security awareness and CUI handling training programs. Familiarity with DFARS View phone number on click.appcast.io incident reporting obligations and coordination with DIBCAC or DCSA. Professional certifications such as CISSP, CISM, CISA, CCSK, or equivalent GRC credentials. CMMC Registered Practitioner (RP) or Certified Professional (CP) designation. Additional Information To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Northwood is an Equal Opportunity Employer; employment with Northwood is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status. #J-18808-Ljbffr AshbyHQ - ATS
$162k - $310k
GRC Program Manager, US Government Compliance Security - Washington, DC This role is based in Washington, DC. We use a hybrid work model of 3 days in the... ...assistance to new employees. About the Team Governance, Risk, and Compliance (GRC) is foundational to Security...SuggestedWork at officeRelocation package$90k - $120k
Third Party GRC Analyst job at Gulf Coast Automation Group. Los Angeles, CA.... ...with our client to find a Third Party Governance, Risk, and Compliance (GRC) Analyst! This position is a key... ...supports the execution of Third Party Risk Management (TPRM), Client Compliance, and IT...SuggestedRemote workVisa sponsorship- 3rd Party Governance, Risk and Compliance (GRC) Analyst (Law Firm Exp) job at SourcePro Search, LLC. Los Angeles, CA. We are conducting a search for... ...Party GRC function, which includes Third Party Risk Management (TPRM), Client Compliance and IT Risk Management. This...Suggested
- ...GRC Analyst The GRC Analyst is responsible for helping to provide compliance and oversight of all our Corporation's Authorization and... ...requirements as it relates to our government business including but not... ...Additionally, the position manages the Sensitive...Suggested
$38 - $47 per hour
...is looking for a Sr. GRC Analyst who will play... ...Continuous Improvement, Management Self-Identification &... ...programs that enhance risk ownership, facilitate... ...policy and procedure governance, issue management, and... ...lifecycle for risk, audit and compliance findings, ensuring...SuggestedHourly payFull timeWork at office$90k - $120k
Itlearn360 is seeking a Third Party GRC Analyst in Los Angeles, CA, to support Third Party Risk Management and Client Compliance programs. This position requires strong knowledge of GRC principles and experience in regulated industries. The role comes with a compensation...Remote job$70k - $90k
...experience. When you join RadNet as a Governance, Risk and Compliance Analyst , you will be joining a... .... Assist in third‑party vendor risk management (VRM) by evaluating security controls... ...strategies. Previous experience in a GRC, IT security, risk management, or compliance...Work experience placementImmediate startFlexible hours- Itlearn360 is seeking an experienced Third Party Governance, Risk and Compliance (GRC) Analyst in Los Angeles, CA. The ideal candidate should have... ...involves executing GRC functions including Third Party Risk Management, Client Compliance, and IT Risk Management....
$38 - $47 per hour
A prominent credit union is seeking a Sr. GRC Analyst in Los Angeles. The successful candidate will support risk management initiatives and policies, enhancing risk ownership across the organization. Responsibilities include continuous improvement of GRC frameworks and...Hourly payFull time$90k - $105k
...Summary SHEIN Global Security & Risk Management is a global security organization that... ..., risk management, data privacy, governance and regulatory compliance across SHEIN’s global footprint. It... ...our common values and vision. The GRC Risk Analyst, a thought leader residing...Full timeTemporary workWork at officeFlexible hours$161.3k - $189.7k
...West Monroe is seeking a Compliance Manager to join the internal Risk, Compliance & Cybersecurity (RCC) team. This... ...firm’s cybersecurity compliance and governance programs while leveraging automation, AI capabilities, and integrated GRC tooling to reduce manual effort and...Local areaFlexible hours$100k - $120k
...are excited to invite a Strategic Customer Success Manager to join our team! Are you passionate about... ...SAI360 is giving companies a new perspective on risk management. By integrating Governance, Risk, Compliance (GRC) software and Ethics &Compliance Learning resources...Contract workWork at officeRemote work- SHEIN Distribution Corporation in Los Angeles is seeking a GRC Risk Manager responsible for implementing the risk management framework and ensuring compliance across global operations. Candidates should have extensive experience in information security risk management,...
- ...Technology Security Analyst to strengthen their cybersecurity governance program. The ideal candidate should have at least 5 years of experience... ...position entails developing security policies, conducting risk assessments, and monitoring cybersecurity incidents. The...
$118k - $128k
The MRO Program Manager will lead the design, implementation, and long‑term sustainability... ...the central owner of MRO systems, data governance, and process transformation, you will... ...PM) kitting, training coordination, EHS compliance support, and material readiness. Serving...- ...age, disability, or genetic information.## Human Resources & Compliance Manager· Full-time#### About The Position**Position Title:** HR & Compliance... ...administration, significantly reducing organizational risk and ensuring that HR systems, policies, and practices are implemented...Full timeLocal area
- A leading construction company is seeking a Director, Legal to oversee all legal affairs and ensure compliance with corporate governance. This role manages litigation, provides legal guidance on business transactions, and works closely with senior leadership. The ideal...Contract workRemote work
$153k - $203k
...transforming the multi-trillion dollar wealth management industry by building an AI platform for... ...The opportunity We're hiring a Compliance Director to own a major pillar of... ...assess, and escalate emerging regulatory risk; recommend and implement enhancements to...Work at officeImmediate startShift work3 days per week$134k - $348.5k
...As an Asset and Wealth Management - Regulatory Reporting... ..., and mitigating risks effectively. Within our... ...strategic guidance on compliance strategies. As a Director... ...internal controls and governance frameworks Promoting... ...Governance Risk Compliance (GRC) to maintain industry...H1b$110k - $130k
...or an alternative application process. Regulatory Project Manager Salary Range: $110,000.00 To $130,000.00 Annually... ...ready. Track project milestones and proactively identify risks to timelines or compliance. Serve as a point of contact on regulatory project status...Fixed term contractWork at office- Morrison Express in Los Angeles is seeking a qualified candidate for a legal compliance role focused on risk management and in-house training. The ideal candidate will have a Bachelor’s degree in risk management, law, or related fields, and at least 4-5 years of experience...
- ...Chief Compliance Officer (CCO) About the Company Fast-growing healthcare services platform... ...compliance, regulatory, quality, and risk oversight functions. This executive will... ...collaborative and fact-driven approach. Hiring Manager Title CEO and President Functions...
- ...navigates the regulatory landscape effectively, minimizing risk, and maintaining compliance. Applicants for the Head of Policy position at the... ...essential. The role requires prior experience in engaging with government and regulatory bodies, industry associations, and a...
$80k - $120k
...detail-oriented Retirement Plan Compliance Analyst to join our team. As... .... Document Production/Management: Adhere to document... ...Filing : File documents with government agencies as needed Client... ...proactive steps to mitigate risks. Keep stakeholders up to...Temporary workWork at officeLocal areaVisa sponsorshipWork visaFlexible hours$188k - $282k
...and results-driven Director of Product, GRC/compliance, to lead our core product strategy, roadmap... ...complex regulatory frameworks, risk assessment workflows, and audit practices... ...toward $500M+ ARR. Team Ownership : Manage and mentor a high-performing organization...- Motive Partners is looking for a Compliance Analyst to join its in-house Legal & Compliance team in Santa Monica. This role involves implementing and maintaining employee compliance programs to ensure regulatory adherence. Ideal candidates should hold a bachelor’s degree...
$124.8k - $148k
...Posting Title Strategic Sourcing Manager Requisition Number R237994 Company... ...optimization, supplier performance, risk mitigation, compliance, and value creation through strategic... ...Own supplier performance management, governance, and relationship development to ensure...Contract workWork at officeLocal area$198k - $368k
...is currently seeking a Director, Security Compliance to join our Digital Security team.... ...comprehensive specialist-level knowledge of risk, compliance, and information security controls... ...and challenging the status quo; manage and review those team members' work product...Temporary workH1bLocal area$130k - $165k
...Description: The Director of Compliance is responsible for developing... ...and local laws and regulations governing physician practices,... ...annual enterprise-wide compliance risk assessments. Develop annual compliance... ...documentation Evaluation & Management coding Chemotherapy...Full timeWork at officeLocal area$74k - $230k
...seeking an experienced Environmental, Health, and Safety Manager in Los Angeles to oversee safety programs for various... ...responsibilities include developing safety programs, conducting risk assessments, and ensuring compliance with health and safety laws. This position offers a...For contractors
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Governance, Risk & Compliance (GRC) Manager. Be the first to apply!
- risk management associate Los Angeles, CA
- senior risk manager Los Angeles, CA
- enterprise risk manager Los Angeles, CA
- risk management specialist Los Angeles, CA
- head of risk management Los Angeles, CA
- director credit risk Los Angeles, CA
- director of risk management Los Angeles, CA
- risk management manager Los Angeles, CA
- operational risk manager Los Angeles, CA
- regulatory affairs director Los Angeles, CA

