Risk Compliance Officer

Reports To:

COO or CEO (preferred for independence)

CISO, Legal, HR, IT

Flexible

The Compliance & Risk Officer is responsible for enterprise risk management, regulatory compliance oversight, and internal control validation. This role ensures adherence to CMMC, ISO 27001, NIST 800-171, and other regulatory frameworks, while maintaining independence from operational security functions.

• Conduct annual and quarterly risk assessments
• Present risk posture to executive leadership

• Own CMMC/ISO 27001 certification lifecycle
• Maintain control mappings and documentation
• Conduct internal control testing
• Coordinate external audits and assessments
• Track corrective action plans

• Develop and maintain policies and procedures
• Ensure documentation meets auditor standards
• Oversee third-party/vendor risk assessments

• Validate security control effectiveness (not implement)
• Ensure separation of duties in security functions
• Identify compliance gaps and remediation plans

• 5+ years in risk management, compliance, or audit
• Experience with CMMC Level 2 and/or ISO 27001
• Familiarity with NIST 800-171 / 800-53
• Strong documentation and audit experience
• CRISC, CISA, ISO Lead Auditor, or similar preferred

• Timely remediation of identified risks
• Accurate and current risk register
• Successful certification maintenance

• Must be commuting distance of Santa Monica, CA.
• Must be comfortable workin on site.
• Must be a US Citizen or valid green card holder.