
Information Security, Risk, & Compliance Manager

Arlington, VA

Why Choose Royce Geo, a GRVTY Company

Royce Geo, a GRVTY Company, started with a simple, American idea: we do things not because they are easy but because they are hard. Royce Geo, a GRVTY Company, exists to answer challenges. We do it for customers in defense, intelligence, homeland security—anyone whose job it is to advance America’s strategic position. The size of the challenge we face demands new skills, new backgrounds, and new thinking. That’s what we’re here to deliver. And when you work shoulder to shoulder with brilliant people tackling the most high-stakes challenges, it’s invigorating. Our culture is built on collaboration, mission-focused innovation, and a commitment to excellence, where every challenge we answer opens the door to a new possibility.

The toughest national security challenges demand vision and ingenuity, not just resources. We deliver mission and technical expertise to outpace our adversaries. We’re purpose-built to tackle the most entrenched, systemic national security issues around the world.

We partner with our customers to help them overcome challenges in every corner of technology and defense—including the ones still being explored. Our growing capabilities create complementary advantages, giving on-the-ground operations the edge they need to succeed. We muster everything we have to answer every challenge presented, every day of our lives.

At Royce Geo, a GRVTY Company, we believe that when our employees thrive, our company thrives. That’s why we offer a comprehensive and competitive benefits package designed to support your well-being, growth, and work-life balance.

• Robust health plan including medical, dental, and vision

• Health Savings Account with company contribution

• Annual Paid Time Off and Paid Holidays

• Paid Parental Leave

• 401k with generous company match

• Training and Development Opportunities

• Award Programs

• Variety of Company Sponsored Events

We are seeking a dedicated (onsite) Information Security, Risk, & Compliance Manager to join our team.

Key Responsibilities:

  • Lead enterprise-wide efforts to maintain compliance with standards such as CMMC, DFARS, and ITAR, including control implementation, internal readiness assessments, and evidence collection.
  • Conduct regular risk assessments, manage and maintain the organization’s risk register, and implement mitigation strategies based on identified threats and vulnerabilities.
  • Perform internal audits and coordinate with external auditors to ensure timely remediation of findings. Operationally, this role oversees deployment and tuning of network and data security tools such as CrowdStrike and Microsoft Defender.
  • Develop and enhance security policies and procedures, coordinate third-party risk reviews, perform vulnerability management, track SLA compliance, and collaborate with stakeholders on continuous improvement initiatives. Process optimization and automation are key focuses—this includes automating audit workflows, compliance reporting, and control testing.

Required Skills:

  • US Citizenship Required
  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field, with at least 5 years of experience in information security, compliance, or audit management.
  • Strong working knowledge of compliance frameworks such as CMMC is required, along with hands-on experience implementing internal controls and conducting audits.
  • Familiarity with GRC tools and security technologies is expected.
  • Excellent communication, documentation, and project management skills, and comfort working across departments to drive security initiatives.

Desired Skills:

  • Certifications such as CISSP, CISA, CRISC, Security+, or CMMC RP/CCP, and experience in the defense or federal contracting space.
  • Knowledge of information security principles (e.g., least privilege, confidentiality, defense-in-depth).
  • Understanding of cloud security (especially Microsoft 365 and Entra environments).
  • Experience with risk-based decision-making and compliance automation.
  • Familiarity with FedRAMP, ITAR, and third-party vendor assessments.
  • Develop, implement, and manage the information security strategy to protect company assets and data.
  • Assess and mitigate risks related to information security and compliance regulations.
  • Lead internal and external audits, ensuring adherence to relevant laws and standards.
  • Collaborate with cross-functional teams to create a culture of security awareness across the organization.
  • Monitor emerging threats and trends in cybersecurity to proactively address vulnerabilities.

EEO Statement

Royce Geo, a GRVTY Company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran and will not be discriminated against on the basis of disability.

Anyone requiring reasonable accommodations should email recruiting@grvty.com with requested details. A member of the HR team will respond to your request within 2 business days. Please review our current job openings and apply for the positions you believe may be a fit. If you are not an immediate fit, we will also keep your resume in our database for future opportunities.
