<p>*Email brendan.steele@rht(.com) for consideration*</p><p><br></p><p>Robert Half (Technology Solutions) is searching for a Lead GRC Analyst (CMMC / Cybersecurity) + a Jr. GRC Analyst (CMMC / Cybersecurity) with experience in CMMC L2 assessments, GRC, NIST/ISO, Controls, Audit, Risk & Compliance ownership, etc. If this sounds like your background, then this GRC Analyst role(s) is for you. For this opportunity, you will work hybrid remote in Los Angeles, CA area.</p><p><br></p><p><strong>Positions</strong>: Lead / Junior GRC Analyst (CMMC / Cybersecurity)</p><p><strong>Hours/Duration</strong>: 40 hrs/wk, M-F, PST Hours, CTH/FTE (3-6 Months to Convert)</p><p><strong>Top Skills</strong>: CMMC 2.0, GRC, NIST/ISO, Controls, Assessments, Risk & Compliance Ownership</p><p><strong>Onsite/Remote</strong>: <em>Hybrid Remote</em></p><p><strong>Company:</strong> Startup / Aerospace Manufacturing</p><p><br></p><p><strong>GRC Lead:</strong></p><ul><li>Own the entire risk and compliance program around CMMC 2.0 end-to-end, through the C3PAO assessment</li><li>Expand the program beyond CMMC over time into NIST 800-53, ISO 27001/27002, and future frameworks as the company grows</li><li>M&A compliance integration — bring acquired entities into GRC alignment with each acquisition</li><li>Customer onboarding compliance — partner with Legal and the federal acquisition process; own customer security questionnaires and ensure compliance through new customer onboarding</li><li>Supply chain risk management — assess supplier compliance status, gap-to-compliant analysis, and remediation paths to bring suppliers current</li></ul><p><strong>GRC Analyst:</strong></p><ul><li>Execution arm of the GRC program under the lead’s direction</li><li>Control implementation legwork with internal teams — evidence collection, success criteria documentation, validation support</li><li>Policy/procedure drafting and refinement to audit-ready standard</li><li>POA&M upkeep, SPRS hygiene, questionnaire response support</li><li>C3PAO assessment prep support (evidence organization, artifact readiness)</li></ul>