Senior Governance, Risk, and Compliance Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Governance, Risk, and Compliance Engineer in United States.

This role sits at the intersection of advanced cybersecurity engineering and regulatory compliance within a highly complex, research-driven technology environment. You will take ownership of end-to-end GRC and CMMC programs, ensuring that security controls, policies, and technical implementations meet stringent defense and federal compliance standards. Acting as a key subject matter expert, you will bridge engineering, legal, and operations teams to translate regulatory obligations into scalable, enforceable security architectures. The position requires both strategic oversight and hands-on execution, from designing compliant cloud and network environments to leading audit readiness and assessments. You will play a critical role in shaping how the organization handles sensitive controlled unclassified information (CUI) and navigates DFARS requirements. This is a high-impact role where your work directly influences national security-aligned compliance posture and enterprise risk management maturity.

Accountabilities:

• Architect and own the full CMMC compliance program, including scoping, control mapping, SSP/POA&M development, and audit readiness across the organization.
• Translate DFARS requirements into operational security controls, ensuring compliance with clauses such as 7012, 7019, and 7020, including accurate SPRS reporting.
• Lead preparation for and coordination of C3PAO assessments, including evidence collection, audit documentation, and engagement with external assessors.
• Design and maintain secure CUI environments, including segmentation, encryption standards, access control, and boundary definitions aligned with CMMC requirements.
• Drive implementation and validation of NIST 800-171 security controls in partnership with engineering and infrastructure teams.
• Serve as the primary GRC and CMMC subject matter expert, advising stakeholders across engineering, legal, contracts, and leadership teams.
• Conduct internal audits and continuous compliance monitoring to ensure ongoing alignment with regulatory and contractual obligations.
• Build and manage enterprise risk management frameworks, including risk registers, remediation tracking, and executive reporting dashboards.
• Own and evolve GRC tooling and processes to support evidence management, compliance tracking, and organizational visibility.
• Collaborate with legal and procurement teams to evaluate contracts for CUI, ITAR, and EAR implications and associated compliance requirements.

Requirements:

• 5-8+ years of experience in cybersecurity compliance, GRC, or security engineering with hands-on ownership of NIST 800-171 and CMMC programs.
• Proven experience building SSPs, POA&Ms, and leading audit readiness or C3PAO assessment processes.
• Strong understanding of DFARS cybersecurity clauses and CMMC 2.0 framework structure and assessment methodologies.
• Technical background in cloud security, systems administration, or security engineering sufficient to lead control implementation discussions.
• Experience defining and managing CUI environments, including network architecture, IAM, logging, and encryption practices.
• Ability to translate complex regulatory and technical requirements into clear guidance for non-technical stakeholders.
• Experience working cross-functionally with legal, compliance, engineering, and executive leadership teams.
• Familiarity with risk management frameworks and enterprise GRC processes.
• Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience.
• Preferred: experience in defense, national security, or regulated research environments, plus relevant certifications (CISSP, CISA, CISM, CRISC, CMMC credentials).

Benefits:

• Competitive base salary range of $110,336 - $144,459 USD
• Bonus and equity eligibility as part of total compensation package
• Comprehensive medical, dental, and vision insurance
• 401(k) retirement plan with employer matching
• Unlimited PTO and paid holidays
• Remote or hybrid work flexibility within the United States
• Home technology stipend and additional employee support programs
• Exposure to cutting-edge quantum computing and national security-adjacent technologies
• Inclusive and mission-driven work environment focused on equity and respect
• Opportunities for high-impact ownership of enterprise-wide compliance programs

How Jobgether works:

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Why Apply Through Jobgether?


Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

#LI-CL1

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.