About Quartermaster AI

At Quartermaster AI, we believe the ocean should be a safe and sustainably managed resource for all. By leveraging cutting-edge AI and robotics, we unlock capabilities that were only recently impossible. Our distributed open-ocean systems enable every vessel to sense, compute, and communicate, enhancing maritime domain awareness for those who need it most.

We are building the infrastructure that national security and maritime industries depend on and we need a security and compliance leader who can build the trust frameworks that make it all possible.

The Role

This is not a checkbox compliance role. As our GRC Manager, you will own and operationalize the governance, risk, and compliance program that underpins our work with the Department of Defense and other federal partners. You will build compliance infrastructure from the ground up, translating complex regulatory frameworks into scalable, automation-first processes that enable our engineering teams to move fast without compromising security.

You will report directly to security leadership and serve as the primary authority on all matters related to information security governance, regulatory compliance, and organizational risk posture. This is a foundational role with significant influence over how Quartermaster AI grows and operates.

Key Responsibilities

• Design, implement, and manage the enterprise GRC program, establishing policies, standards, and procedures aligned with NIST SP 800-171, CMMC 2.0, and other applicable federal frameworks.
• Lead CMMC Level 2 certification efforts end-to-end, including gap assessments, remediation planning, System Security Plan (SSP) development, and coordination with third-party assessors (C3PAOs).
• Develop and maintain a comprehensive risk management framework, conducting regular risk assessments and presenting risk posture and mitigation strategies to executive leadership.
• Establish continuous monitoring capabilities and compliance automation to maintain ongoing adherence to NIST 800-171 controls across all 14 security families.
• Serve as the primary point of contact for all regulatory audits, government compliance reviews, and customer security questionnaires.
• Collaborate cross-functionally with Engineering, Product, and Operations teams to embed security and compliance requirements into development workflows without creating friction.
• Build and maintain the Plan of Action & Milestones (POA&M) process, tracking deficiencies and driving remediation to closure.
• Develop and deliver security awareness training programs tailored to technical and non-technical audiences.
• Advise leadership on evolving regulatory landscapes, emerging threats, and investment priorities to strengthen the organization’s security posture.
• Evaluate and manage third-party vendor risk, ensuring supply chain security and compliance with flow-down requirements.

Required Qualifications

• 10+ years of information security experience, including 5+ years leading and maturing GRC programs within defense, intelligence, or technology sectors.
• Deep mastery of NIST SP 800-171, NIST SP 800-53, and CMMC 2.0, with a track record of leading organizations through formal certification and assessment processes.
• Strong command of DFARS 252.204-7012 and CUI requirements, including hands-on development of System Security Plans (SSPs) and POA&Ms.
• Proven ability to translate complex regulatory and compliance mandates into actionable guidance for engineering and business teams.
• Must be a U.S. citizen and able to obtain and maintain a U.S. security clearance.
• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field. Advanced degree preferred.

Preferred Qualifications

• Industry certifications such as CISSP, CISM, CRISC, CGRC, or CMMC Registered Practitioner (RP) / Certified Professional (CCP).
• Experience with GRC tooling and compliance automation platforms (e.g., Drata, Vanta, Archer, or similar).
• Familiarity with cloud security compliance in AWS, Azure, or GCP environments.
• Experience working in a high-growth startup or scale-up environment, building processes where none previously existed.
• Prior experience supporting DoD or IC programs with active security clearance.
• Knowledge of additional compliance frameworks (FedRAMP, SOC 2, ISO 27001) and their intersection with CMMC/NIST requirements.

Why Join Quartermaster AI?

• Shape the security foundation of a company building technology that directly enhances national and maritime security.
• Report directly to leadership with significant autonomy to build the GRC function your way.
• Work alongside top-tier professionals across AI, robotics, defense, and intelligence.
• Competitive salary with comprehensive medical, dental, and vision benefits.
• Flexible remote work with a mission-driven, fast-moving team.
• Career growth in a rapidly scaling defense-tech company at the forefront of maritime AI.