
Governance Risk and Compliance (GRC) Compliance Specialist

Jeppesen ForeFlight builds industry-leading aviation software used by pilots, aircraft operators, and major airlines worldwide. As a high-growth, private equity-backed company, we are focused on scaling our operations, strengthening our financial infrastructure, and driving operational excellence across the business. Our team combines deep domain expertise with a collaborative, high-performance culture to solve complex challenges and support continued growth.

Jeppesen ForeFlight is seeking a Governance, Risk, and Compliance (GRC) Specialist to drive the operational execution of our risk and control program. This is a multifaceted role performing a host of compliance duties across our software business. The GRC Specialist will work across a variety of national and international frameworks, including NIST 800-53, ISO 27001, and others, ensuring Jeppesen ForeFlight meets and exceeds the security controls supporting these frameworks.

The role will analyze security controls across our framework set, assess current state versus required state, identify deficiencies, plan and track corrective actions, and conduct internal reviews of both process and technical control implementation. We have a defined risk and control methodology in place; this role exists to close the gap between methodology and consistent day-to-day execution at scale, while translating control requirements across frameworks into a unified control model that reduces duplication and improves traceability.

We're hiring this role with a GRC engineering mindset. We want someone who treats compliance as an engineering problem: automating evidence collection, instrumenting controls to produce continuous signals, and partnering with engineering and security to make compliance a byproduct of how we already operate, not a separate manual track.

This role works across the organization and is expected to communicate effectively with leadership, operations, security, and engineering. 100% remote, US-based. Limited travel may be required to support audit and compliance efforts; not estimated to exceed 10% of the employee's time.

Key Responsibilities

- Drive day-to-day execution of the risk lifecycle (intake, assessment, control validation, remediation, tracking) and oversee the ISMS, including the risk register, Statement of Applicability (SoA), and corrective actions
- Lead audit cycles end-to-end across multiple frameworks (NIST 800-53, ISO 27001, CMMC, SOC 2, etc.), including scoping, evidence collection, and control testing
- Translate control requirements across frameworks into a unified control model with crosswalks so a single piece of evidence satisfies multiple obligations; identify and remediate deficiencies between control expectations and current implementation
- Administer and extend our compliance automation platform, improving control mapping, evidence workflows, and integrations with cloud infrastructure, identity systems, ticketing, and CI/CD pipelines; translate written policies into enforceable, testable controls to move us toward continuous compliance
- Define, write, and maintain corporate security policies, standards, procedures, and baselines
- Assist with the vendor security risk program: due diligence, technical reviews, and ongoing monitoring
- Communicate effectively from C-level executives to operations and engineering; demonstrate willingness to speak truth on security compliance and express deficiencies clearly when they exist
- Produce executive reporting on compliance metrics, audit readiness, and risk trends

Basic Qualifications

- Bachelor's degree or equivalent experience in a technical field (e.g., military experience qualifies)
- 5+ years in GRC, risk management, IT audit, or security compliance, with hands-on operational ownership of a control program
- Demonstrated experience applying NIST 800-53 or equivalent DoD cybersecurity controls (STIGs, RMF, etc.), including control selection, tailoring, assessment, and evidence generation
- Working knowledge of additional frameworks (ISO 27001, SOC 2, NIS2, COBIT, or similar) and experience harmonizing them into a unified control set
- Hands-on experience administering a GRC or compliance automation platform, including configuring workflows and building integrations
- Comfort with scripting or API integrations for evidence automation, control monitoring, and reporting
- Familiarity with cloud environments (AWS, GCP, or Azure) and how IAM, logging, and configuration management map to compliance requirements
- Experience with vulnerability management, patch management, or system hardening
- Strong written communication, able to translate control language for engineers and engineering language for auditors
- Demonstrated bias toward automation and repeatable systems over manual, periodic effort
- Problem solver with a desire to see problems as challenges to be resolved

Preferred Qualifications

- Military or federal background (military cybersecurity, DoD compliance, or government cloud environments)
- Ability to learn and support workloads at DoD Impact Level 5 (IL5) or Impact Level 6 (IL6)
- Experience supporting a CMMC certification, FedRAMP authorization, or RMF accreditation package
- Compliance-as-code or policy-as-code experience (OPA, Terraform Sentinel, AWS Config rules, OSCAL)
- CI/CD-integrated control testing or automated evidence pipelines
- Security or compliance certification such as CISM, CRISC, CCSP, or ISO 27001
- Experience working with Change Control Boards (CCBs) or other oversight groups
- Experience with regulations such as FISMA, ITAR, HIPAA, or GDPR
- Background in technical roles such as security operations, boundary defense, vulnerability management, or systems administration

Pay is based upon candidate experience and qualifications, as well as market and business considerations.

Summary Pay Range:

Why You Should Join

At Jeppesen ForeFlight, we know you want a rewarding career. To do that, you need challenging projects, a good work environment, and awesome coworkers. We believe in our employees, and we empower them to make a direct impact on our products and services messaging. We strive to provide our employees with a world-class benefits experience, focused on supporting their physical, financial, and emotional wellbeing. Our benefits package includes, but is not limited to, the following:

- Medical, dental, and vision insurance with employer-paid health premiums
- Open PTO policy
- 401(k) with up to 10% company matching and immediate vesting
- 12 weeks paid maternity leave
- 4 weeks paid paternity leave
- Flight Training Rewards

Jeppesen ForeFlight - EOE including Disability/Vets | Pay Transparency | E-Verify Participant | Equal Opportunity Employer