GRC Specialist (GCC / GCCH)

Position Overview  

(Salary Range: $70,000-$95,000)

This is a detail-oriented and proactive role to support and enhance our client’s governance, risk management, and CMMC compliance. This role is responsible for identifying, assessing, and mitigating risks while ensuring adherence to regulatory requirements, industry standards, and policies. 

This role requires a strong working knowledge of CMMC Level 1 and Level 2 requirements. The individual will be responsible for scoping client environments to determine applicable compliance obligations, including the need for Microsoft 365 GCC or Microsoft 365 GCC High, as well as evaluating network architecture and physical security considerations. 

The role involves active participation in client meetings, providing guidance on required documentation, and addressing client inquiries related to their CMMC compliance. The individual will participate in client assessments by leading or responding to questions concerning documentation, system environments, and control implementation. 

Additionally, this position serves as an internal subject matter expert, providing advisory support to team members on CMMC-related matters and ensuring consistent interpretation and application of requirements across engagements. 

The GRC Specialist will work directly with the Compliance Officer for direction as well as the GRC Admin in the preparation of documentation.   

Key Responsibilities  

Scoping  

• Determine GCC or GCC High tenant needs 

• Determine applicable compliance obligations 

• Enclave / Physical  

• Network Architecture requirements 

• Physica security requirements (if not an Enclave) 

• Work through scoping questionnaire and Consent to Proceed – internally and with client 

• Participating in creating Implementation Timeline  

Client Meetings 

• Lead discussions / answer questions with the client 

• Scoping 

• Biweekly Meetings 

• CyberSecurity Maintenance Checklist activities 

• Assessment Prep 

Documentation & Additional Responsibilities 

• Maintain clear, complete, and accurate ticket documentation.  

• Treat all documentation as potential assessment evidence.  

• Follow naming conventions and use appropriate templates  

• Follow the Implementation Plan for Clients 

• Provide direction to the team on CMMC questions 

• Work with the Compliance Office for direction as needed 

• Work with the GRC Admin on documentation prep, etc. 

Why This Role Matters  

Consistency and accuracy in scoping and documentation directly affect a client’s ability to pass a CMMC assessment. This role ensures that all GRC processes and procedures have been followed so the client can be validated the same—months or years later—by an assessor.  

Required Skills & Attributes  

• CCP training 
• Exceptional attention to detail and ability to follow instructions precisely.  

• Strong interest in compliance, security, and regulated IT environments.  

• Comfortable working in structured, checklist-driven workflows.  

• Willingness to ask questions rather than improvise.  

• Strong written communication skills for documentation and tickets.  

• Reliability and consistency in task execution.  

Preferred (Not Required) Experience  

• Experience to Microsoft 365 environments 

• MSP Experience in structured service environments 

• Technical writing 
• CCA Training

• Health Care Plans (Medical, Dental & Vision)

• Retirement Plan and Matching (Simple IRA)
• Paid Time Off (Vacation, Sick, and Public Holidays)
• Full-Remote Work from Home