Security GRC Analyst

SUMMARY The Security GRC Analyst strengthens ARRO’s compliance and security posture by ensuring our systems, policies, and practices align with federal and industry standards—including NIST 800-53, CMMC, and SOC 2. This role blends governance and execution: developing policies that protect our organization, testing them alongside our Technology teams, and continuously improving how we manage risk. The ideal candidate understands both the intent of compliance frameworks and the realities of implementation in an operational environment. KEY RESPONSIBILITIES Governance & Compliance • Lead ongoing compliance efforts for security frameworks including NIST 800-53, CMMC, and SOC 2. • Develop, document, and maintain security and compliance policies, standards, and procedures. • Coordinate and prepare evidence for audits and assessments. • Monitor for regulatory or framework changes and update internal controls accordingly. Risk Management & Control Testing • Identify and evaluate risks across systems, data, and processes. • Partner with Technology teams to design, implement, and test internal controls. • Conduct periodic internal reviews to validate compliance and control effectiveness. • Track and drive remediation of any identified gaps or findings. Collaboration & Coordination • Work cross-functionally with software, infrastructure, and operations teams to embed compliance requirements into daily practices. • Support vendor risk management and review processes for third-party systems and services. • Maintain clear, consistent communication with stakeholders on compliance goals, progress, and issues. Continuous Improvement • Identify opportunities to improve our governance, risk, and compliance programs. • Support internal security awareness and training initiatives. • Build repeatable processes and documentation that strengthen ARRO’s long-term compliance readiness. QUALIFICATIONS Qualifications • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). • 5+ years of experience in information security, compliance, or GRC roles. • Hands-on experience with NIST 800-53 (required). • Familiarity with frameworks such as CMMC, SOC 2, or NIST 800-171. • Strong understanding of IT and security controls across infrastructure, cloud, and application environments. • Proven ability to develop policies, implement controls, and perform internal compliance testing. • Excellent communication and project management skills—able to coordinate across teams and manage competing priorities. • U.S. citizenship and ability to obtain a government security clearance if required by contracts. Who you are • A Guardian: You protect the organization through vigilance and discipline, ensuring security and compliance are never compromised. • A Builder: You turn frameworks into living systems—designing practical, repeatable processes that stand up to real-world use. • A Collaborator: You work seamlessly across technology, operations, and leadership teams to embed compliance into daily practice. • A Translator: You turn technical requirements into clear, actionable steps others can understand and follow. • A Problem Solver: You approach compliance as a system to improve, not just a checklist to complete—always seeking smarter, stronger ways to manage risk. Why ARRO ARRO empowers mission leaders and first responders with trusted, unified tools that simplify complex missions and build confidence before crises. As a Security GRC Analyst, you’ll play a critical role in ensuring our technology and operations meet the highest standards of security and compliance—so our customers can act with clarity and confidence when it matters most. The Security GRC Analyst at ARRO is responsible for strengthening the company's compliance and security posture by aligning systems, policies, and practices with federal and industry standards like NIST 800-53, CMMC, and SOC 2. This role involves developing and maintaining security and compliance policies, coordinating audits, managing risks, and collaborating with technology teams to implement and test internal controls. The analyst will also monitor regulatory changes, track remediation efforts, support vendor risk management, and contribute to continuous improvement of governance, risk, and compliance programs. The ideal candidate will have a bachelor's degree in computer science, Information Security, or a related field, along with 5+ years of experience in information security, compliance, or GRC roles. Hands-on experience with NIST 800-53 is required, and familiarity with frameworks like CMMC, SOC 2, or NIST 800-171 is preferred. Strong communication, project management skills, and the ability to work cross-functionally are essential. The role requires U.S. citizenship and the ability to obtain a government security clearance if needed. Apply tot his job