Governance, Risk, and Compliance Engineer

Role Summary

The Governance, Risk, and Compliance (GRC) Engineer supports the implementation, validation, and continuous monitoring of security and compliance controls across the organization. This role ensures alignment with regulatory and contractual requirements and maintains audit readiness against frameworks such as NIST SP 800‑171 and CMMC Level 2. The GRC Engineer works closely with technology teams and business stakeholders to assess risk, remediate gaps, and improve compliance processes.

• Support the implementation and validation of security and compliance controls aligned with NIST SP 800‑171 and CMMC Level 2.
• Ensure compliance evidence is accurate, complete, and audit‑ready.
• Collaborate with service owners to conduct risk assessments, document findings, and track remediation activities through closure.
• Maintain and update risk registers, including residual risk and mitigation plans.
• Prepare audit artifacts and coordinate walkthroughs and interviews for internal and external audits.
• Drive remediation efforts with control owners and support prevention of recurring audit findings.
• Contribute to the creation, review, and revision of security and compliance policies.
• Support role‑based security training, awareness activities, and phishing campaigns.
• Develop and maintain reporting workflows to track compliance status, risk metrics, and remediation progress.
• Partner with cross‑functional teams to translate compliance requirements into operational processes.
• Participate in onsite or virtual audits as required to verify ongoing compliance.

• 3+ years of experience in governance, risk, compliance, information security, or a related field.
• Experience supporting compliance initiatives aligned with NIST SP 800‑171 and CMMC Level 2.
• Working knowledge of vulnerability management and risk management practices.
• Experience with governance, risk, and compliance platforms and IT service management tools.
• Familiarity with ISO 27001 and information security awareness programs.
• Strong documentation, organizational, and communication skills.

• Security or compliance certifications such as Security+, CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CCP, or CMMC Certified Professional.
• Experience maintaining audit‑ready evidence and supporting remediation activities across multiple teams.

We believe hybrid work is the way forward as we strive to provide flexibility wherever possible. Based on this role’s business requirements, this is a hybrid position requiring 3 days a week in our office in Blue Ash, Ohio. Regardless of your working arrangement, we are here to support a healthy work-life balance through our various wellbeing programs.

The working arrangements for this role are accurate as of the date of posting. This may change based on the project you’re engaged in, as well as business and client requirements. Rest assured; we will always be clear about role expectations.

Candidates must be legally authorized to work in the United States. Employment eligibility verification will be required at the time of hire.

Applications will be accepted until June 25, 2026.