Federal GRC Compliance Specialist

Tyto Athene

$90K — $120K *
Legal & Accounting
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Business, Law, Public Administration, Information Systems, Cybersecurity, or a related field.
  • 5+ years of experience in GRC, compliance, regulatory, or government contracting functions.
  • Solid knowledge of federal regulations like FAR and DFARS.
  • Proven track record in managing compliance initiatives with minimal supervision.
  • Strong analytical skills with attention to detail and organizational abilities.
  • Excellent verbal and written communication skills.
  • Experience in preparing for and conducting compliance audits.

Responsibilities

  • Develop and implement GRC-related policies and procedures for various compliance areas.
  • Monitor adherence to federal regulations and internal policies.
  • Conduct internal audits to ensure compliance with standards and requirements.
  • Assist in preparation for external audits and regulatory reviews.
  • Track compliance metrics, issues, and improvement actions.
  • Provide training on compliance topics to enhance staff awareness.
  • Collaborate with departments to ensure compliance across functions.

Benefits

  • Health, Dental, and Vision insurance.
  • 401(k) with company match.
  • Generous Paid Time Off policy.
  • Short-term and long-term disability and life insurance.
  • Referral bonuses for recommending candidates.
  • Reimbursement for professional development.
  • Parental leave for new parents.
Full Job Description
Description

Tyto Athene has an opening for a Federal GRC Compliance Specialist. The Federal GRC Compliance Specialist will be responsible for the continued development, implementation, and maintenance of the organization’s business systems and compliance programs associated with FAR (Federal Acquisition Regulation), DFARS (Defense Federal Acquisition Regulation Supplement), and other agency-specific requirements. The Compliance Associate will have the knowledge, experience, and skills to support the implementation of new compliance initiatives from development of process documentation, to training personnel, to analyzing internal audit activities in order to ensure compliance with external regulatory audits and assessments.

This is a full-time, remote work position.


Responsibilities:

  • Develop, maintain, and implement GRC-related plans, policies, processes, procedures, templates, control documentation, and compliance artifacts in the following subject areas:
    • Cybersecurity Maturity Model Certification (CMMC)
    • Supply Chain Risk Management (SCRM)
    • Cyber Supply Chain Risk Management (C-SCRM)
    • Accounting System (AS)
    • Estimating System (ES)
    • Purchasing System (CPSR)
    • ISO 27001
    • ISO 20000-1
  • Monitor and support compliance with federal regulations, contract terms, and internal policies, and applicable governance frameworks and control requirements.
  • Conduct periodic internal reviews and audits to ensure ongoing adherence to applicable laws and standards, contractual obligations, and internal control requirements.
  • Assist with preparing for external audits, reviews, or investigations conducted by government agencies or third-party auditors.
  • Track and report on compliance metrics and issues, risks, deficiencies, corrective actions, and improvement activities.
  • Provide training and awareness materials to staff on compliance-related topics associated with the programs listed above and promote consistent understanding of GRC requirements across business functions.
  • Collaborate with internal departments (e.g., IT, Supply Chain, HR, Pricing, Finance, Program Management) to ensure cross-functional compliance and effective control implementation.
  • Stay current with changes in relevant federal regulations, including FAR, DFARS, and agency-specific guidance.
  • Support the development and implementation of corrective action plans when compliance deficiencies are identified, including tracking remediation status and assessing corrective action effectiveness.
  • Collaborate with senior leadership to align process improvement efforts with organizational goals and objectives, ensuring strategic alignment and driving a compliance- and risk-aware culture throughout the company.
Qualifications

Requirements:

  • Bachelor's degree in Business, Law, Public Administration, Information Systems, Cybersecurity or a related field.
  • 5+ years of relevant experience in a GRC, compliance, regulatory, legal, internal audit, cybersecurity compliance, or government contracting compliance function.
  • Working knowledge of federal government contracting regulations, including FAR, DFARS, and related agency-specific requirements.
  • Experience working for a federal government contractor.
  • Excellent attention to detail and organizational skills.
  • Strong analytical and problem-solving skills.
  • Demonstrated excellence in written and verbal communication skills.
  • Ability to manage multiple tasks and meet deadlines.
  • Demonstrated experience leading GRC or compliance-related initiatives with minimal supervision.
  • Experience supporting internal/external compliance audits to include responding to deficiencies, implementing corrective action plans, and assessing their effectiveness.
  • Demonstrated ability to design and implement cross-functional processes, controls, and documentation to meet regulatory, contractual, audit, and governance requirements.
  • Advanced proficiency in MS Office products and Adobe Acrobat.


Additional Requirements:

  • Extensive knowledge of NIST SP 800-171, NIST SP 800-53 and/or NIST SP 800-161 highly desired but not required.
  • Previous participation and/or experience with Certified Third-Party Assessment Organization (C3PAO) CMMC assessments highly desired but not required.
  • Previous participation and/or experience with Defense Contract Management Agency (DCMA) Contractor Purchasing System Reviews (CPSR) highly desired but not required.
  • Previous participation and/or experience with Defense Contract Audit Agency (DCAA) Accounting system audits highly desired but not required.
  • Previous participation and/or experience with Defense Contract Management Agency (DCMA) Estimating system audits highly desired but not required.
  • ISO Internal Auditor (Any Standard), desired but not required.
  • Experience supporting the development, implementation and management of ISO 27001 and ISO 20000-1 programs a plus.
  • Experience with Export Control requirements such as International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), and Office of Foreign Assets Control (OFAC) a plus.
  • Experience with Earned Value Management System (EVMS) requirements and implementation a plus.
  • Experience drafting and supporting compliance related proposal responses a plus.


Compensation:

  • Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

  • Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.
