Governance, Risk, and Compliance Lead (GRC)

About Mach Industries

Founded in 2022, Mach Industries is a rapidly growing defense technology company focused on developing next-generation autonomous defense platforms. At the core of our mission is the commitment to delivering scalable, decentralized defense systems that enhance the strategic capabilities of the United States and its allies. With a workforce of approximately 180 employees, we operate with startup agility and ambition.

Our vision is to redefine the future of warfare through cutting-edge manufacturing, innovation at speed, and unwavering focus on national security. We are dedicated to solving the next generation of warfare with lethal systems that deter kinetic conflict and protect global security.

The Role

We’re seeking a Governance, Risk, and Compliance Lead (GRC) to own our security and compliance initiatives across the organization. This role will drive the execution of key certifications such as CMMC, ISO 27001, and other industry-related standards, ensuring readiness through audit prep, documentation, and cross-functional coordination.

The ideal candidate has a background in cybersecurity, cyber assurance, or software engineering with deep expertise in security compliance. The GRC Lead develops and enforces governance policies, conducts risk assessments, manages the organization’s System Security Plan (SSP) and Plan of Action and Milestones (POA&M), and leads efforts to achieve and maintain CMMC certification. This role is critical in safeguarding the company’s systems and data. The GRC Lead will also monitor internal controls, track remediation efforts, and help align teams with regulatory and contractual requirements. Ideal candidates have a strong understanding of compliance frameworks, excellent communication skills, and experience managing audits in fast-paced environments.

Key Responsibilities

  • Develop and maintain System Security Plans (SSPs) and supporting documentation aligned with NIST SP 800-171 and CMMC practices.

  • Conduct regular security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms).

  • Lead audit preparation, execution, and remediation efforts for certifications such as CMMC, ISO 27001, and other industry-aligned standards.

  • Collaborate with cross-functional teams (Security, IT, Legal, Engineering) to implement and track control requirements.

  • Monitor regulatory obligations and maintain audit readiness through continuous assessment and documentation.

  • Collaborate with engineering and manufacturing teams to establish and enforce secure handling and operational processes.

  • Recommend remediation strategy, track remediation efforts, and collaborate closely with IT, DevOps, and business teams.

  • Conduct comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 252.204-7012, NIST SP 800-171, DISA STIGs, and other relevant regulations and standards.

  • Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), technical data controlled under the International Traffic in Arms Regulations (ITAR), and items controlled under the Export Administration Regulations (EAR), including those classified as EAR99.

  • Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices.

  • Ensure training completion and maintain accurate compliance records; other duties as assigned.

Required Qualifications

  • 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.

  • Experience managing or contributing to ISO 27001, NIST SP 800-171, DFARS 252.204-7012, or STIG compliance efforts.

  • Extensive knowledge of multiple federal government network security processes and procedures.

  • Technical background with understanding or hands-on experience in Information Technology environments and web technologies.

  • Proven track record building, testing, and delivering production-grade embedded and/or Linux-based systems.

  • Cybersecurity Risk Management or Information Assurance related certifications.

  • Comfortable owning large initiatives end-to-end with minimal oversight.

  • Eligible to obtain and maintain an active U.S. Secret security clearance.

Preferred Qualifications

  • Professional certifications such as Security+, CISSP, CISA, ISO Lead Auditor, or CRISC.

  • Knowledge of security architectures for embedded, aerospace, and cyber-physical systems.

  • Experience implementing CMMC security controls within Google Workspace.

  • Experience in infrastructure-as-code (e.g. Terraform, CloudFormation).

  • Proven track record of leading engineers through complex, hands-on work.

Disclosures

This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). Please note that any offer for employment may be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations without sponsorship for an export license.

Mach participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offers may vary based on (but not limited to) work experience, education and training, critical skills, and business considerations. Highly competitive equity grants are included in most offers and are considered part of Mach’s total compensation package. Mach offers benefits such as health insurance, retirement plans, and opportunities for professional development.

Mach is an equal opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws. If you’d like to defend the American way of life, please reach out!

Average salary estimate (Rise estimate, not an employer figure): $170,000 per year, with an estimated range of $140,000 to $200,000.

Employment type: Full-time, onsite
Date posted: December 8, 2025