
GRC Program Lead

Job

RK&K

Baltimore, MD (In Person)

$112,393 Salary, Full-Time

Posted 4 weeks ago (Updated 3 days ago) • Actively hiring

Expires 6/26/2026


Job Description

GRC Program Lead
RK&K - 4.1
Baltimore, MD
$93,397 - $131,389 a year
Posted 1 day ago

Benefits
- Paid parental leave
- Paid holidays
- Disability insurance
- Dental insurance
- Tuition reimbursement
- Paid time off
- Parental leave
- Vision insurance
- 401(k) matching
- Opportunities for advancement

Qualifications
- CMMC
- Certified Information Systems Auditor
- 7 years
- Internal controls
- FedRAMP
- Incident management
- Regulatory compliance
- CISSP
- Compliance audits & assessments
- SOC 2
- CCSP
- CISM
- Information security compliance
- Key Performance Indicators
- Policy & process development
- Bachelor's degree
- NIST standards
- Investigation evidence collection
- Security policy implementation
- Third-party risk management
- Business continuity planning
- Vulnerability management
- ISO 27001
- Proper evidence handling
- Root cause analysis
- Senior level
- AI
- Cross-functional collaboration
- Incident response implementation
- Vendor risk management
- Information security auditing
- CRISC
- Cross-functional communication
- IT disaster recovery planning

Full Job Description

RK&K is seeking a GRC Program Lead to establish, operationalize, and scale the firm's IT governance, risk, and compliance functions. This role provides centralized ownership of compliance efforts, including CMMC Level 2, SOC 2, and FedRAMP, while ensuring alignment with business objectives, client requirements, and contractual obligations. This position serves as a critical coordination layer between IT, Legal, HR, and business leadership to ensure risks are effectively managed, controls are implemented, and compliance requirements are consistently met as the organization grows.

Essential Functions

Compliance & Framework Leadership
- Lead CMMC Level 2 implementation
- Lead SOC 2 Type II program development
- Support FedRAMP readiness and alignment

Risk Management
- Assess security risks across systems, services, projects, vendors, and control gaps
- Develop and maintain the enterprise risk register
- Track risks across security, operations, vendor exposure, and AI/data usage

Governance & Policy Management
- Develop and enforce policies (data security, privacy, acceptable use/AI, access, vendors)
- Align policies to SOC 2, CMMC/NIST, and FedRAMP requirements
- Manage exceptions and risk acceptance processes

AI Governance & Emerging Risk
- Define governance for enterprise AI usage
- Partner with IT to enforce policies and monitor misuse/data leakage

Vendor Risk & Contract Compliance
- Conduct vendor security and compliance reviews
- Partner with Legal on contract risk and compliance
- Track contractual compliance obligations

Security Governance Oversight
- Oversee vulnerability management and endpoint/device compliance
- Define and track security baselines
- Validate control effectiveness through evidence-based assessments

Audit & Assessment Management
- Coordinate CMMC, SOC 2, client audits, and FedRAMP readiness reviews
- Manage evidence collection, audit responses, remediation, and closure

Incident Governance & Response
- Establish governance for incident response processes
- Ensure proper documentation, classification, root cause analysis, and improvements
- Track trends and report risks to leadership

Cross-Functional Leadership & Metrics
- Act as GRC liaison across IT, Legal, HR, and Operations
- Oversee business continuity and disaster recovery planning/testing
- Define and track KPIs, KRIs, and control effectiveness

GRC Platform Ownership
- Own and manage the Vanta platform

Required Skills and Experience
- Bachelor's degree in a related field OR equivalent practical experience
- 7+ years of experience in GRC, cybersecurity, or compliance
- Experience with:
  - Owning and operating enterprise compliance programs
  - CMMC / NIST SP 800-171
  - SOC 2 (implementation and audit support)
  - NIST frameworks
  - Cross-functional coordination

Preferred Skills and Experience
- Experience with FedRAMP readiness or audits
- Professional certifications such as CISA, CISSP, CISM, CRISC, CCSP, or ISO 27001 Lead Implementer/Auditor
- Experience in federal contracting or regulated/public sector environments
- Experience with the Vanta Trust Management Platform

Other Duties

This job description indicates the general nature and level of work, knowledge, skills, abilities, and other essential functions (as covered under the ADA). It is not designed to cover or contain a comprehensive listing of all activities and duties required. Other duties may be assigned as required.

What We Offer

RK&K offers excellent potential for career advancement and professional growth. We also offer attractive compensation packages commensurate with experience and a comprehensive benefits package including:
- Paid time off
- Matching 401(k) plan
- Student Loan Retirement Match Program
- Paid holidays
- Tuition reimbursement
- Health, dental, vision, life, and disability insurance
- Paid parental leave
- Wellness programs and employee resource groups
- Career development opportunities
- Much, much more!

Why RK&K?

As a full-service engineering and construction management firm, RK&K gives you the opportunity to directly impact the communities in which we live and work. What sets RK&K apart is an award-winning culture that has fostered collaboration and trust for over 100 years. The firm delivers innovative solutions designed for success and has earned a reputation as a trusted partner, responsive employer, and community steward. Design your career at RK&K - Apply Today!

Salary Range:
$93,397 - $131,389