Governance, Risk, and Compliance (GRC) Functional Lead

LMI is seeking a senior Governance, Risk, and Compliance (GRC) Lead to support LMI’s Office of the Chief Information Security Officer (OCISO). This position will work collaboratively with the Chief Information Security Officer (CISO), Information Technology (IT), Cybersecurity Team, project teams, and business stakeholders to ensure cohesive success across LMI.

The GRC Lead will be responsible for delivering all GRC-related functions in compliance with CMMC/NIST 800-171, ISO 27001, and other frameworks, and developing strategy and methodologies for success. This position will provide advice and guidance across LMI for GRC-related initiatives. The GRC Lead will assess risks from system changes, new projects, vulnerabilities, and throughout the System Development Life Cycle (SDLC). They will prepare risk management recommendations for the CISO’s approval and collaborate with technical staff to develop mitigations and solutions. The GRC Lead will manage continuous monitoring activities to ensure routine assessments are performed via technical, manual, and automated means, utilizing our GRC platform to maintain control status, upload artifacts, and generate reports.

The GRC Lead will also draft and maintain current policies, procedures, and documentation, ensuring they are accurate and compliant. Support for Privacy and Export Control areas may be required. Additional duties may be assigned as needed.

• Ability to attain and maintain US Secret clearance
• Active CISSP, CISM, GSLC, C|CISO, or similar senior GRC certification
• Preferred: additional certifications such as PMP, CEH, CIPP, SANS, or technology-specific credentials
• Excellent verbal and written communication skills
• Master’s degree or Bachelor’s Degree with relevant experience
• 10 years of experience as an ISSO, ISSM, or Security Controls Assessor in a Federal environment under NIST 800-53 and NIST RMF
• Experience supporting a corporate security environment under ISO 27001, ISO 20000, ISO 9001, COBIT, COSO, or similar frameworks
• Proven success in collaborative work environments
• Leadership experience as a team lead, supervisor, or manager preferred
• Experience using GRC tools for compliance management, self-assessments, audits, artifact uploads, and continuous monitoring
• Experience conducting risk assessments on system changes, vulnerabilities, new projects, and data governance
• Participation in Change Management Boards, Architecture Review Boards, or similar teams
• Experience handling GRC functions involving Controlled Unclassified Information (CUI)
• Experience with Privacy frameworks, including the Privacy Act of 1974 and HIPAA