GRC Program Lead
RK&K · Baltimore, Maryland, US
Job description
RK&K is seeking a GRC Program Lead to establish, operationalize, and scale the firm's IT governance, risk, and compliance functions. This role provides centralized ownership of compliance efforts (CMMC Level 2, SOC 2, and FedRAMP) while ensuring alignment with business objectives, client requirements, and contractual obligations. The position serves as the coordination layer between IT, Legal, HR, and business leadership, ensuring that risks are managed, controls are implemented, and compliance requirements are consistently met as the organization grows.

Essential Functions:

- Compliance & Framework Leadership
  - Lead CMMC Level 2 implementation
  - Lead SOC 2 Type II program development
  - Support FedRAMP readiness and alignment
- Risk Management
  - Assess security risks across systems, services, projects, vendors, and control gaps
  - Develop and maintain the enterprise risk register
  - Track risks across security, operations, vendor exposure, and AI/data usage
- Governance & Policy Management
  - Develop and enforce policies (data security, privacy, acceptable use/AI, access, vendors)
  - Align policies to SOC 2, CMMC/NIST, and FedRAMP requirements
  - Manage exceptions and...