Governance, Risk, and Compliance Lead (GRC)

Mach Industries


Job Location:

Huntington Beach, CA - USA

Monthly Salary: $ 120 - 190
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Department:

Legal

Job Summary

About Mach Industries

Founded in 2022, Mach Industries is a rapidly growing defense technology company focused on developing next-generation autonomous defense platforms. At the core of our mission is the commitment to delivering scalable, decentralized defense systems that enhance the strategic capabilities of the United States and its allies. With a workforce of approximately 180 employees, we operate with startup agility and ambition.

Our vision is to redefine the future of warfare through cutting-edge manufacturing, innovation at speed, and an unwavering focus on national security. We are dedicated to solving the next generation of warfare with lethal systems that deter kinetic conflict and protect global security.

The Role

We're seeking a Governance, Risk, and Compliance Lead (GRC) to own our security and compliance initiatives across the organization. This role will drive the execution of key certifications such as CMMC, ISO 27001, and other industry-related standards, ensuring readiness through audit prep, documentation, and cross-functional coordination.

The ideal candidate has a background in cybersecurity, cyber assurance, or software engineering, with deep expertise in security compliance. The GRC Lead develops and enforces governance policies, conducts risk assessments, manages the organization's System Security Plan (SSP) and Plan of Action and Milestones (POA&M), and leads efforts to achieve and maintain CMMC certification. This role is critical in safeguarding the company's systems and data. They will also monitor internal controls, track remediation efforts, and help align teams with regulatory and contractual requirements. Ideal candidates have a strong understanding of compliance frameworks, excellent communication skills, and experience managing audits in fast-paced environments.

Key Responsibilities

  • Develop and maintain System Security Plans (SSPs) and supporting documentation aligned with NIST 800-171 and CMMC practices.

  • Conduct regular security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms).

  • Lead audit preparation, execution, and remediation efforts for certifications such as CMMC, ISO 27001, and other industry-aligned standards.

  • Collaborate with cross-functional teams (Security, IT, Legal, Engineering) to implement and track control requirements.

  • Monitor regulatory obligations and maintain audit readiness through continuous assessment and documentation.

  • Collaborate with engineering and manufacturing teams to establish and enforce secure handling and operational processes.

  • Recommend remediation strategy, track remediation efforts, and collaborate closely with IT, DevOps, and business teams.

  • Conduct comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, STIG, and other relevant regulations.

  • Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulations (EAR99).

  • Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices.

  • Ensure training completion and maintain accurate compliance records; other duties as assigned.

Required Qualifications

  • 7-10 years of cybersecurity, risk, compliance, audit, or GRC program experience.

  • Experience managing or contributing to ISO 27001, NIST 800-171, DFARS 1017, or STIGs.

  • Extensive knowledge of multiple federal government network security processes and procedures.

  • Technical background with understanding or hands-on experience in Information Technology environments and web technologies.

  • Proven track record building, testing, and delivering production-grade embedded and/or Linux-based systems.

  • Cybersecurity, Risk Management, or Information Assurance related certifications.

  • Comfortable owning large initiatives end-to-end with minimal oversight.

  • Eligible to obtain and maintain an active U.S. Secret security clearance.

Preferred Qualifications

  • Professional certifications such as Security+, CISSP, CISA, ISO Lead Auditor, or CRISC.

  • Knowledge of security architectures for embedded, aerospace, and cyber-physical systems.

  • Experience implementing CMMC security controls within Google Workspace.

  • Experience in infrastructure-as-code (e.g. Terraform, CloudFormation).

  • Proven track record of leading engineers through complex hands-on work.

Disclosures

This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). Please note that any offer of employment may be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations without sponsorship for an export license.

Mach participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offers may vary based on (but not limited to) work experience, education and training, critical skills, and business considerations. Highly competitive equity grants are included in most offers and are considered part of Mach's total compensation package. Mach offers benefits such as health insurance, retirement plans, and opportunities for professional development.

Mach is an equal opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws. If you'd like to defend the American way of life, please reach out!


About Company

Mach Industries is building faster, smarter defense infrastructure for the modern era.