Federal Compliance Lead / Federal GRC Manager

We are looking for a strategic builder to lead our journey toward federal authorization and operational excellence. This is not a "check-the-box" role; it is a mission-critical position owning our roadmap to ATO (Authority to Operate).

You will be the architect of our compliance program, partnering directly with Engineering, Product, and Operations to translate frameworks like NIST 800-53, CMMC, and SOC 2 into sustainable, real-world practices. You won't just document controls—you will ensure they live and breathe in our daily operations.

Note: This is a strategic Governance & Compliance role, not a hands-on Security Engineering role. While the role is remote, ideal candidates will be located in Eastern Standard Timezone (EST) to interface with internal teams during normal business hours.

What You Will Own

• The ATO Mission: You are the captain of our authorization journey. You will own the readiness roadmap, manage external consultants and assessors, and drive the remediation work required to achieve and sustain compliance.

• Governance & Translation: You will translate complex federal requirements into clear, actionable steps for technical teams. You will operationalize policies so that compliance becomes part of the DNA of our infrastructure and cloud environments.

• Risk & Vigilance: You will look around corners, conducting readiness reviews, managing POA&Ms, and validating that our controls are effective—not just on paper, but in practice.

• Cross-Functional Leadership: You will serve as a trusted advisor to the C-suite and Engineering leads, providing clear visibility into risks, blockers, and timelines.

Who You Are:

• A Program Owner: you take accountability and drive outcomes
• A Builder: you design processes that work in real-world environments
• A Partner : you collaborate across teams and influence without authority
• A Translator : you turn framework language into practical action
• A Problem Solver : you see compliance as a system to improve, not paperwork to maintain

Qualifications

• Experience: 4–7+ years in GRC, Security Compliance, or Information Assurance.

• Framework Fluency: Deep, hands-on expertise with NIST 800-53 is required . Exposure to CMMC, SOC 2, or NIST 800-171 is highly valued.

• Operational Mindset: Demonstrated experience implementing controls, not just auditing or documenting them.

• Communication: Elite written communication and executive reporting skills; you can summarize complex risk postures for non-technical stakeholders.

• Citizenship: U.S. Citizenship is required to support federal compliance mandates.