Mach Industries · 1 month ago
Governance, Risk, and Compliance Lead (GRC)
Mach Industries is a rapidly growing defense technology company focused on developing next-generation autonomous defense platforms. The Governance, Risk, and Compliance Lead (GRC) will drive security and compliance initiatives, manage key certifications, and safeguard the company’s systems and data.
Drone Management · Industrial · Infrastructure · Manufacturing · National Security
Responsibilities
Develop and maintain System Security Plans (SSPs) and supporting documentation aligned with NIST 800-171 and CMMC practices
Conduct regular security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms)
Lead audit preparation, execution, and remediation efforts for certifications such as CMMC, ISO 27001, and other industry-aligned standards
Collaborate with cross-functional teams (Security, IT, Legal, Engineering) to implement and track control requirements
Monitor regulatory obligations and maintain audit readiness through continuous assessment and documentation
Collaborate with engineering and manufacturing teams to establish and enforce secure handling and operational processes
Recommend remediation strategies, track remediation efforts, and collaborate closely with IT, DevOps, and business teams
Conduct comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, STIG, and other relevant regulations
Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulation (EAR99)
Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices
Ensure training completion and maintain accurate compliance records; other duties as assigned
Qualifications
Required
7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience
Experience managing or contributing to ISO 27001, NIST 800-171, DFARS 1017, or STIGs
Extensive knowledge of multiple federal government network security processes and procedures
Technical background with understanding or hands-on experience in Information Technology environments and web technologies
Proven track record building, testing, and delivering production-grade embedded and/or Linux-based systems
Cybersecurity Risk Management or Information Assurance related certifications
Comfortable owning large initiatives end-to-end with minimal oversight
Eligible to obtain and maintain an active U.S. Secret security clearance
Preferred
Professional certifications such as Security+, CISSP, CISA, ISO Lead Auditor, or CRISC
Knowledge of security architectures for embedded, aerospace, and cyber-physical systems
Experience with implementing CMMC security controls within Google Workspaces
Experience in infrastructure-as-code (e.g. Terraform, CloudFormation)
Proven track record of leading engineers through complex, hands-on work
Benefits
Health insurance
Retirement plans
Opportunities for professional development
Company
Mach Industries
Mach Industries is a defense manufacturing company that develops unmanned systems and defense infrastructure.
Funding
Current Stage: Growth Stage
Total Funding: $184.7M
Key Investors: Bedrock · Sequoia Capital
2025-06-17 · Series B · $100M
2023-10-04 · Series A · $79M
2023-06-15 · Seed · $5.7M
Company data provided by crunchbase