Governance, Risk & Compliance (GRC) Manager
Responsibilities
- Compliance Program Ownership
  - Own Northwood's compliance program across CMMC Level 2, FedRAMP, SOC 2 Type II, and ITAR, including control mapping, gap assessment, remediation tracking, and audit preparation.
  - Maintain Northwood's System Security Plan (SSP), Plan of Action and Milestones (POA&M), and associated compliance documentation in alignment with NIST 800-171 and applicable frameworks.
  - Coordinate and manage third-party assessments, including C3PAO engagements for CMMC, FedRAMP 3PAO assessments, and SOC 2 audits, serving as the primary assessor liaison.
  - Monitor the regulatory environment for changes to CMMC, FedRAMP, DFARS, and ITAR requirements and assess impact on Northwood's compliance posture.
- Risk Management
  - Build and maintain Northwood's enterprise risk management program, including risk register development, risk scoring methodology, and executive-level risk reporting.
  - Conduct and facilitate periodic risk assessments across security domains, incorporating input from security engineering, network, product, and operations teams.
  - Identify, track, and drive remediation of compliance gaps and security control deficiencies, working directly with technical teams to ensure timely closure.
  - Develop and maintain risk acceptance processes, exception management workflows, and compensating control documentation.
- Policy & Control Framework
  - Develop, maintain, and enforce Northwood's security policy library, including acceptable use, access control, incident response, data classification, and CUI handling policies.
  - Map Northwood's control environment across overlapping frameworks (NIST 800-171, NIST 800-53, SOC 2 Trust Services Criteria, and FedRAMP) to reduce duplicative compliance effort and maximize control reuse.
  - Define and maintain the control evidence collection program, ensuring audit artifacts are continuously gathered, organized, and accessible for assessment cycles.
  - Partner with the Security Engineering Lead, Security Operations Lead, and Product Security Lead to validate that technical controls are implemented in alignment with documented policies and compliance requirements.
- ITAR & CUI Program Management
  - Own Northwood's CUI program, including data classification guidance, CUI handling procedures, marking standards, and employee training.
  - Maintain ITAR compliance program documentation, including technology control plans, export authorization tracking, and coordination with Northwood's legal counsel on regulatory obligations.
  - Ensure network segmentation, access controls, and data handling practices across Northwood's infrastructure appropriately enforce CUI and ITAR boundaries in coordination with security and network engineering teams.
- Audit Readiness & Stakeholder Engagement
  - Serve as the primary compliance point of contact for government customers, prime contractors, and subcontractors, including responding to security questionnaires, flow-down requirement reviews, and customer audit requests.
  - Build and maintain audit readiness posture year-round, ensuring evidence collection, control testing, and documentation currency do not become point-in-time exercises.
  - Brief executive leadership and the Head of Security on compliance status, upcoming assessment milestones, and material risk items requiring business-level decisions.
  - Develop and deliver security awareness and compliance training programs for Northwood employees, with targeted content for personnel handling CUI or operating in ITAR-controlled environments.
Requirements
- 5+ years in a governance, risk, and compliance role with demonstrated ownership of enterprise compliance p
Additional Information
About Northwood

Northwood is a modern space infrastructure company focused on connecting space and Earth. The world runs on space. Space will run on Northwood. Our global ground network ensures that missions ranging from national security, to global connectivity, to disaster response can unlock their full potential and operate every day without fail.

Role Overview

As Governance, Risk & Compliance (GRC) Lead, you will own Northwood's compliance program across CMMC, FedRAMP, SOC 2, and ITAR, building the policies, processes, and evidence frameworks that enable the company to operate as a trusted dual-use space communications provider. This is a senior individual contributor role for a practitioner who combines deep regulatory knowledge with the technical fluency to work directly with security engineering, network, and product teams to translate compliance requirements into operational reality.

You will serve as the primary point of contact for government customers, third-party assessors, and internal stakeholders on all matters related to compliance posture, risk management, and audit readiness. You will work across Northwood's full security stack, spanning on-premises infrastructure, AWS GovCloud, GCC, and corporate systems, to ensure controls are implemented, documented, and defensible. This role reports to the Head of Security.