Governance, Risk & Compliance (GRC) Manager
Location
US-OH-Beavercreek
ID
2026-4291
| Category |
Corporate Operations
|
Position Type |
Full Time Salary
|
Riverside Overview
Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country's most challenging technical problems.
All Riverside Research opportunities require U.S. Citizenship.
Position Overview
The Manager, Governance, Risk & Compliance (GRC) leads Riverside Research's Governance, Risk, and Compliance program supporting the organization's unclassified enterprise and research information systems. Reporting to the Director of Information Security, this position is responsible for maintaining and continuously maturing Riverside's cybersecurity governance framework, enterprise risk management program, and regulatory compliance initiatives. This role serves as both a people leader and technical contributor, providing leadership for a team of GRC professionals while partnering across Information Security, Information Technology, Contracts, Human Resources, Finance, Legal, and Business Operations to ensure cybersecurity and compliance objectives align with organizational and customer requirements. The Manager owns Riverside's Cybersecurity Maturity Model Certification (CMMC) program, leading continuous readiness activities, regulatory assessments, governance initiatives, and enterprise risk management efforts to maintain the organization's strong cybersecurity posture and support Department of Defense mission requirements.
Responsibilities
Lead Riverside Research's Governance, Risk, and Compliance (GRC) program supporting the enterprise cybersecurity strategy, governance framework, and compliance objectives.
- Own Riverside's Cybersecurity Maturity Model Certification (CMMC) program, ensuring continuous readiness for annual affirmations and Certified Third-Party Assessment Organization (C3PAO) assessments.
- Lead and mentor a team of GRC Analysts, establishing priorities, developing staff, and fostering a culture of accountability, collaboration, and continuous improvement.
- Develop, maintain, and govern enterprise cybersecurity policies, standards, procedures, and supporting documentation.
- Lead Riverside's Enterprise Risk Management (ERM) program by facilitating risk identification, assessment, mitigation planning, and executive reporting.
- Drive continuous monitoring activities through operational oversight, technical auditing, internal control assessments, and compliance reviews to ensure adherence to regulatory, contractual, and organizational security requirements.
- Manage corrective action plans, findings, Plans of Action & Milestones (POA&Ms), and remediation activities through closure.
- Provide governance oversight for cybersecurity programs including identity and access management, vulnerability management, configuration management, incident response, security awareness, external information sharing, third-party risk management, and data protection.
- Partner with Information Technology and Information Security teams to ensure enterprise architecture and technology solutions align with cybersecurity strategy, regulatory requirements, and organizational risk tolerance.
- Maintain awareness of evolving FAR, DFARS, CMMC, NIST, and Department of Defense cybersecurity requirements, advising leadership on regulatory changes and organizational impacts.
- Develop executive dashboards, metrics, and reports that communicate cybersecurity posture, enterprise risk, and compliance status to senior leadership.
- Collaborate with business stakeholders including Contracts, Human Resources, Finance, Legal, Marketing, and Business Operations to integrate cybersecurity governance into business processes.
- Serve as a trusted advisor to leadership by translating cybersecurity, compliance, and enterprise risk into actionable business recommendations.
Qualifications
Required Qualifications
- Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Information Assurance, Business, or a related discipline.
- Twelve (12) years of progressively responsible experience in cybersecurity, information assurance, governance, risk, compliance, or related disciplines, including at least three (3) years of leadership experience managing technical teams or enterprise cybersecurity programs.
- Demonstrated success leading external security assessments, regulatory audits, or certification efforts within a regulated industry such as the Defense Industrial Base, government contracting, financial services, healthcare, or telecommunications.
- Strong knowledge of Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, Department of Defense Controlled Unclassified Information (CUI) requirements, and applicable FAR and DFARS cybersecurity clauses.
- Experience developing and maintaining cybersecurity governance programs, policies, standards, and enterprise compliance initiatives.
- Strong understanding of enterprise information technology including Microsoft 365, Microsoft Entra ID, Microsoft Azure, Amazon Web Services (AWS), virtualization, and hybrid infrastructure.
- Excellent written, verbal, and presentation skills with the ability to communicate complex technical concepts to executive leadership and non-technical stakeholders.
- Demonstrated ability to lead cross-functional initiatives, influence organizational change, and build collaborative relationships across multiple business functions.
Preferred Qualifications
- Experience maintaining a certified CMMC Level 2 environment.
- Experience leading Certified Third-Party Assessment Organization (C3PAO) assessments and/or DIBCAC assessments.
- Experience leading Enterprise Risk Management (ERM) programs.
- Experience with cloud security, Data Loss Prevention (DLP), Third-Party Risk Management, Cyber Supply Chain Risk Management (C-SCRM).
- Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in Governance, Risk and Compliance (CGRC), or Certified Cloud Security Professional (CCSP).
Global Comp
$140,000- $170,000 This represents the typical compensation range for this position based on experience, location and other factors.
Closing Statement
Riverside Research Institute is a not-for-profit, technology-oriented defense company, where service to our customers and support of our staff is our overall mission. Riverside is an affirmative action-equal opportunity employer and complies with all applicable federal, state, and local laws regarding recruitment and hiring. Riverside offers comprehensive compensation and benefit packages to our employees.
Riverside bases its employment decisions solely on technical experience, qualifications and other job-related criteria related to our organizational purpose as a not-for-profit company, and without regard to race, color, religion, age, sex marital status, sexual orientation, national origin, physical or mental disability, veteran's status or any other status legally protected by applicable federal, state, and local law.
|