Governance, Risk, and Compliance Lead

The Governance Risk and Compliance (GRC) Lead for the FAA BNATC contract provides operational leadership and direction for cybersecurity compliance and risk activities supporting FAA mission systems and enterprise services. This role is responsible for establishing and maintaining cybersecurity policies standards and procedures tailored to FAA environments. The successful candidate will perform risk assessments POA&M activities security control implementation and monitoring in compliance with NIST SP 800-53 and FAA ISSO guidance as well as ensure full lifecycle support for ATO packages and security authorizations.

The GRC Lead serves as the primary GRC manager to the CISO ensuring secure operations for critical systems supporting the National Airspace System (NAS) and related FAA infrastructure.

Key Responsibilities:

Cybersecurity Governance

• Establish and maintain cybersecurity policies standards and frameworks (ISO 27001 NIST CSF CIS Controls).
• Drive alignment of cybersecurity initiatives with enterprise risk management and corporate governance.
• Report regularly to executive leadership and the board on cybersecurity posture and compliance status.

Risk Management

• Lead enterprise-wide cyber risk assessments threat modeling and vulnerability management.
• Maintain and update the cybersecurity risk register ensuring mitigation plans are tracked and executed.
• Partner with IT and business units to embed cyber risk awareness into daily operations.

Compliance & Privacy

• Ensure compliance with global regulations and standards (GDPR HIPAA SOX PCI-DSS CCPA).
• Oversee audits penetration tests and regulatory reviews.
• Monitor emerging cybersecurity and privacy legislation advising leadership on potential impacts.

Incident Response & Resilience

• Collaborate with the Security Operations Center (SOC) and IT teams to strengthen incident response protocols.
• Ensure business continuity and disaster recovery plans are tested and effective.
• Champion a culture of cyber resilience across the organization.

Leadership & Collaboration

• Build and lead a high-performing cybersecurity GRC team.
• Foster cross-functional collaboration with Legal IT Risk and Compliance departments.
• Promote a culture of security awareness and ethical responsibility.

Required Qualifications

• Bachelors degree in Cybersecurity Information Technology Risk Management or related field (Masters preferred).
• 10 years of experience in cybersecurity governance risk and compliance.
• Deep knowledge of cybersecurity frameworks (NIST ISO 27001 CIS COBIT).
• Strong understanding of data privacy regulations and compliance requirements.
• Proven leadership experience with the ability to influence at all levels.
• Professional certifications such as CISSP CISM CRISC CISA or ISO 27001 Lead Implementer highly desirable.
• US Citizenship.
• Must have the ability to obtain / maintain a Public Trust clearance.

Preferred Qualifications

• CISSP CISM or CISA
• CRISC CGRC (formerly CAP) or similar GRC certifications
• PMP or program management certification
• FAA background or aviation/critical infrastructure cyber experience highly desirable

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.