Peraton
Required Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field (Master’s preferred).
10+ years of experience in cybersecurity governance, risk, and compliance.
Deep knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS, COBIT).
Strong understanding of data privacy regulations and compliance requirements.
Proven leadership experience with the ability to influence at all levels.
Professional certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Implementer highly desirable.
US Citizenship.
Must have the ability to obtain / maintain a Public Trust clearance.
Preferred Qualifications
CISSP, CISM, or CISA
CRISC, CGRC (formerly CAP), or similar GRC certifications
PMP or program management certification
FAA background or aviation/critical infrastructure cyber experience highly desirable
The Governance, Risk and Compliance (GRC) Lead for the FAA BNATC contract provides operational leadership and direction for cybersecurity, compliance, and risk activities supporting FAA mission systems and enterprise services. This role is responsible for establishing and maintaining cybersecurity policies, standards, and procedures tailored to FAA environments. The successful candidate will perform risk assessments, POA&M activities, security control implementation, and monitoring in compliance with NIST SP 800-53 and FAA ISSO guidance as well as ensure full lifecycle support for ATO packages and security authorizations.
The GRC Lead serves as the primary GRC manager to the CISO, ensuring secure operations for critical systems supporting the National Airspace System (NAS) and related FAA infrastructure.
Key Responsibilities Cybersecurity Governance
Establish and maintain cybersecurity policies, standards, and frameworks (ISO 27001, NIST CSF, CIS Controls).
Drive alignment of cybersecurity initiatives with enterprise risk management and corporate governance.
Report regularly to executive leadership and the board on cybersecurity posture and compliance status.
Risk Management
Lead enterprise-wide cyber risk assessments, threat modeling, and vulnerability management.
Maintain and update the cybersecurity risk register, ensuring mitigation plans are tracked and executed.
Partner with IT and business units to embed cyber risk awareness into daily operations.
Compliance & Privacy
Ensure compliance with global regulations and standards (GDPR, HIPAA, SOX, PCI-DSS, CCPA).
Oversee audits, penetration tests, and regulatory reviews.
Monitor emerging cybersecurity and privacy legislation, advising leadership on potential impacts.
Incident Response & Resilience
Collaborate with the Security Operations Center (SOC) and IT teams to strengthen incident response protocols.
Ensure business continuity and disaster recovery plans are tested and effective.
Champion a culture of cyber resilience across the organization.
Leadership & Collaboration
Build and lead a high-performing cybersecurity GRC team.
Foster cross-functional collaboration with Legal, IT, Risk, and Compliance departments.
Promote a culture of security awareness and ethical responsibility.
#J-18808-Ljbffr
Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field (Master’s preferred).
10+ years of experience in cybersecurity governance, risk, and compliance.
Deep knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS, COBIT).
Strong understanding of data privacy regulations and compliance requirements.
Proven leadership experience with the ability to influence at all levels.
Professional certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Implementer highly desirable.
US Citizenship.
Must have the ability to obtain / maintain a Public Trust clearance.
Preferred Qualifications
CISSP, CISM, or CISA
CRISC, CGRC (formerly CAP), or similar GRC certifications
PMP or program management certification
FAA background or aviation/critical infrastructure cyber experience highly desirable
The Governance, Risk and Compliance (GRC) Lead for the FAA BNATC contract provides operational leadership and direction for cybersecurity, compliance, and risk activities supporting FAA mission systems and enterprise services. This role is responsible for establishing and maintaining cybersecurity policies, standards, and procedures tailored to FAA environments. The successful candidate will perform risk assessments, POA&M activities, security control implementation, and monitoring in compliance with NIST SP 800-53 and FAA ISSO guidance as well as ensure full lifecycle support for ATO packages and security authorizations.
The GRC Lead serves as the primary GRC manager to the CISO, ensuring secure operations for critical systems supporting the National Airspace System (NAS) and related FAA infrastructure.
Key Responsibilities Cybersecurity Governance
Establish and maintain cybersecurity policies, standards, and frameworks (ISO 27001, NIST CSF, CIS Controls).
Drive alignment of cybersecurity initiatives with enterprise risk management and corporate governance.
Report regularly to executive leadership and the board on cybersecurity posture and compliance status.
Risk Management
Lead enterprise-wide cyber risk assessments, threat modeling, and vulnerability management.
Maintain and update the cybersecurity risk register, ensuring mitigation plans are tracked and executed.
Partner with IT and business units to embed cyber risk awareness into daily operations.
Compliance & Privacy
Ensure compliance with global regulations and standards (GDPR, HIPAA, SOX, PCI-DSS, CCPA).
Oversee audits, penetration tests, and regulatory reviews.
Monitor emerging cybersecurity and privacy legislation, advising leadership on potential impacts.
Incident Response & Resilience
Collaborate with the Security Operations Center (SOC) and IT teams to strengthen incident response protocols.
Ensure business continuity and disaster recovery plans are tested and effective.
Champion a culture of cyber resilience across the organization.
Leadership & Collaboration
Build and lead a high-performing cybersecurity GRC team.
Foster cross-functional collaboration with Legal, IT, Risk, and Compliance departments.
Promote a culture of security awareness and ethical responsibility.
#J-18808-Ljbffr