Governance, Risk and Compliance; GRC Manager

Overview

Frontgrade is seeking an experienced Governance, Risk, and Compliance (GRC) Manager to support and expand its Defense Industrial Base (DIB) operations. This role is responsible for leading and managing enterprise GRC programs with a strong focus on NIST 800-171 Rev. 2, CMMC, and NIST Cybersecurity Framework (CSF) compliance. The ideal candidate brings hands-on experience, strategic insight, and the ability to operationalize compliance across complex defense-focused environments.

• Lead and manage enterprise GRC programs aligned with NIST 800-171 Rev. 2, CMMC, and NIST CSF requirements.
• Expand and mature compliance capabilities to support growth in the defense and aerospace market.
• Design, document, and refine foundational GRC elements including processes, risk frameworks, and control frameworks.
• Conduct stakeholder interviews, facilitated workshops, and documentation reviews to assess and improve GRC maturity.
• Develop, implement, and maintain security policies, procedures, and standard operating procedures (SOPs).
• Develop, maintain, and track Plans of Action and Milestones (POA&Ms).
• Demonstrate expertise in access control, including role-based access control (RBAC) and permission inheritance.
• Identify external data sources and design integration strategies between GRC platforms and third-party systems.
• Evaluate on-premises and cloud-based architectures, assessing impacts to sustainability, performance, and scalability.
• Support the evaluation, documentation, testing, and implementation of ERP systems and enterprise applications.
• Prepare for and support internal and external audits, assessments, and regulatory reviews.

• Bachelor’s degree or equivalent military experience.
• Minimum of 10 years of experience in Cybersecurity, Technology, Risk Management, or External Audit.
• 5+ years of experience planning and leading IT audits and risk assessments.
• 4+ years of project or process management experience.
• Demonstrated ability to speak to CMMC standards, controls, and compliance processes.
• Hands-on experience developing and maintaining POA&Ms.
• Ability to travel up to 10%.
• Active Secret clearance or the ability to obtain one.

Preferred:

• 8+ years of experience performing information security or technology risk assessments, including NIST-based assessments.
• Active cybersecurity, risk, or project management certifications such as CISSP, CISM, CISA, CRISC, or related credentials.
• Excellent verbal and written communication skills with the ability to engage effectively at all organizational levels.
• Strong problem-solving, analytical, and critical-thinking skills with the ability to manage shifting priorities.

• This position requires access to technology, materials, software or hardware that is controlled by either ITAR or EAR U.S. export laws. As a condition to this job offer, in order to be employed in this position, you must be able to obtain an U.S. Government export license(s), as required by law.
• Pay Range: $110,800 - $165,000 annually
  . Applicable pay within the posted range may vary based on factors including, but not limited to, geographical location, job function of the position, education, and experience of the successful candidate.

WE ARE AN EQUAL OPPORTUNITY EMPLOYER

We welcome differences and celebrate new ideas. We believe the diversity of our people inspires our creativity and drives our innovation. Everyone is welcome here, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or genetic information.

We are committed to working with and providing reasonable accommodations to individuals with disabilities. If you need areasonable accommodation due to a disability for any part of the employment process, please email

If you have relevant skills that are not reflected in your resume, we welcome your application and encourage you to share more in an optional cover letter or to join our Talent Community Connect Portal - Connect ().