GRC Analyst

Department: Information Technology

Employment Type: Full Time

Location: Redondo Beach

Compensation: $90,000 - $120,000 / year

Description

We are seeking a Governance, Risk, and Compliance (GRC) Analyst to help build, manage, and scale our information security compliance programs. You will play a hands-on role in maintaining and operationalizing controls for frameworks like CMMC, NIST 800-171, NIST 800-53, and ITAR, while supporting internal risk assessments, customer security reviews, and policy lifecycle management.

This role is ideal for someone who thrives on structured thinking, translating security requirements into business-aligned controls, and keeping fast-moving teams inspection-ready. You'll work closely with the InfoSec, IT, legal, and engineering teams while supporting both internal leadership and external customer compliance engagements.

Responsibilities

• Maintain and track compliance with NIST 800-171, 800-53, CMMC, and ITAR obligations across systems, personnel, and vendors
• Own and manage security documentation, including System Security Plans (SSPs), POA&Ms, RA/RM, and associated audit artifacts
• Leverage Onspring to manage control mappings, evidence collection, policy lifecycle tracking, and compliance reporting
• Assist in the development, revision, and review of security policies, standards, and procedures to ensure alignment with current frameworks
• Collaborate with IT, Security, and Engineering teams to monitor and verify the implementation of technical and administrative controls
• Coordinate and support internal risk assessments, gap analyses, and customer security reviews
• Track and report on compliance status, risk findings, and remediation activities to InfoSec leadership and executive stakeholders
• Support risk-based decision making by conducting internal control reviews and supplier/vendor compliance assessments
• Facilitate end-user security training, compliance briefings, and evidence collection workflows
• Participate in continuous improvement of compliance processes, playbooks, and tooling as the company scales

Minimum Qualifications

• 3+ years in a GRC, information security, compliance, or audit support role
• Experience working with, NIST 800-171 and 800-53, CMMC Level 2 or 3, and ITAR and/or export control regimes
• Experience with POA&M management, SSP development, risk assessments, and control mapping
• Experience interfacing with customer security teams or supporting customer-driven compliance reviews
• Demonstrated experience with Onspring or similar GRC platforms (ServiceNow GRC, Archer, etc.)

Preferred Skills and Experience

• Experience supporting defense contractors, aerospace manufacturers, or similar regulated industries
• Demonstrated knowledge of insider threat program requirements, third-party risk programs, or DFARS compliance
• Familiarity with vulnerability management workflows and secure system baselining
• Security certifications such as CAP, CISA, Security+, or Certified CMMC Professional (CCP)
• Strong writing, documentation, and communication skills

Additional Information:

Compensation bands are determined by role, level, location, and alignment with market data. Individual level and base pay is determined on a case-by-case basis and may vary based on job-related skills, education, experience, technical capabilities and internal equity. In addition to base salary, for full-time hires, you may also be eligible for long-term incentives, in the form of stock options, and access to medical, vision & dental coverage as well as access to a 401(k) retirement plan.


To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.  

Impulse Space is an Equal Opportunity Employer; employment with Impulse Space is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.