GRC Lead

ARRO Systems LLC

Remote

Full-Time

Posted 1 week ago (Updated 6 days ago) • Actively hiring

Expires 7/18/2026

Job Description

GRC Lead, ARRO Systems LLC, Jacksonville, FL. Full-time. Posted 14 hours ago.

Skills tagged for this posting: Project team coordination; NIST SP 800-53; Leading team collaboration initiatives; Management reporting; Cross-functional team management; Cross-functional communication; Stakeholder management.

Full Job Description

GRC Lead
Department: Compliance
Location: Remote
Reports to: Executive Director
Direct Reports: None (hands-on program lead)

Summary

The GRC Lead will lead ARRO's effort to achieve and maintain authorization and compliance across federal and industry frameworks, including NIST 800-53, CMMC, and SOC 2. This role owns the ATO readiness roadmap: partnering with consultants, coordinating remediation work, operationalizing controls, and ensuring that security and compliance practices are fully implemented and sustained across the organization. The ideal candidate is both strategic and hands-on, comfortable leading cross-functional efforts while also doing the work required to build a strong, repeatable compliance program.

This is not a technical engineering role. The GRC Lead defines compliance and control requirements and works with Technology teams to ensure activities such as continuous monitoring, control implementation, and penetration testing are planned, executed, and evidenced in alignment with compliance needs.

Key Responsibilities

ATO Readiness & Compliance Leadership
- Lead ARRO's effort to achieve and sustain compliance with NIST 800-53, CMMC, and SOC 2, with a primary focus on ATO readiness and control implementation.
- Own the ATO readiness plan, milestones, and progress tracking, ensuring remediation work moves forward across teams.
- Coordinate closely with external consultants, assessors, and audit partners, translating guidance into actionable steps for the organization.
- Provide clear, executive-level updates on risks, readiness progress, blockers, and timelines.

Governance, Policy, & Control Implementation
- Develop, refine, and operationalize security and compliance policies, standards, and procedures.
- Ensure controls are implemented, documented, and evidenced across infrastructure, cloud, and application environments.
- Work with Technology, Product, and Operations leaders to embed compliance requirements into day-to-day workflows and decision-making.
- Establish repeatable processes for evidence collection, control ownership, and ongoing accountability.

Risk Management & Continuous Monitoring
- Conduct internal readiness reviews and validate control effectiveness across systems and processes.
- Maintain remediation plans / POA&M (Plan of Action and Milestones) and drive timely closure of identified gaps.
- Support ongoing risk assessments, vendor security reviews, and corrective action activities.
- Help lay the foundation for continuous monitoring and recurring audit preparedness.

Cross-Functional Collaboration & Stakeholder Alignment
- Lead cross-functional working sessions to guide teams through what needs to be done, why it matters, and how to implement it effectively.
- Serve as a trusted partner and advisor to Engineering, Infrastructure, and Operations teams on compliance impacts.
- Communicate expectations, responsibilities, and deadlines clearly, ensuring alignment across all stakeholders.

Program Maturity & Process Improvement
- Identify opportunities to strengthen and scale ARRO's governance, risk, and compliance practices.
- Build sustainable, documented processes that reduce reliance on one-off effort or ad-hoc interpretation.
- Support internal security awareness initiatives and help cultivate a culture of accountability and compliance excellence.

Qualifications
- 4-7 years of experience in GRC, security compliance, or related roles
- Hands-on experience with NIST 800-53 (required)
- Exposure to CMMC, SOC 2, or NIST 800-171 environments
- Demonstrated experience implementing (not just documenting) controls
- Strong project leadership skills with the ability to coordinate across functions
- Excellent written communication and executive reporting ability
- U.S. citizenship; ability to support federal compliance requirements

Who you are
- A Program Owner: you take accountability and drive outcomes
- A Builder: you design processes that work in real-world environments
- A Partner: you collaborate across teams and influence without authority
- A Translator: you turn framework language into practical action
- A Problem Solver: you see compliance as a system to improve, not paperwork to maintain

Why ARRO

ARRO empowers mission leaders and first responders with trusted, unified tools that simplify complex missions and build confidence before crises. As a GRC Lead, you'll play a critical role in ensuring our technology and operations meet the highest standards of security and compliance, so our customers can act with clarity and confidence when it matters most.

Role summary

This GRC Lead position at ARRO is a hands-on program leadership role focused on achieving and maintaining compliance with federal and industry frameworks, specifically NIST 800-53, CMMC, and SOC 2, with a primary emphasis on Authority to Operate (ATO) readiness. You will own the ATO roadmap, coordinate remediation efforts, operationalize security controls, and ensure compliance practices are fully implemented and sustained across the organization. This role involves defining compliance requirements and collaborating with technology teams to integrate continuous monitoring, control implementation, and penetration testing, rather than being a technical engineering position. The ideal candidate will have 4-7 years of experience in GRC or security compliance, with essential hands-on experience in NIST 800-53 and exposure to CMMC, SOC 2, or NIST 800-171. Strong project leadership skills, excellent written communication, and the ability to coordinate cross-functional teams are crucial. You should be a proactive program owner, a builder of sustainable processes, and a collaborative partner capable of translating complex framework language into practical actions, and a U.S. citizen able to support federal compliance requirements.