Governance Risk and Compliance (GRC) Compliance Specialist

Jeppesen ForeFlight
Austin, TX Full Time
POSTED ON 5/7/2026
AVAILABLE BEFORE 6/5/2026
Jeppesen ForeFlight builds industry-leading aviation software used by pilots, aircraft operators, and major airlines worldwide. As a high-growth, private equity-backed company, we are focused on scaling our operations, strengthening our financial infrastructure, and driving operational excellence across the business. Our team combines deep domain expertise with a collaborative, high-performance culture to solve complex challenges and support continued growth.

Jeppesen ForeFlight is seeking a Governance, Risk, and Compliance (GRC) Specialist to drive the operational execution of our risk and control program. This is a multifaceted role performing a host of compliance duties across our software business. The GRC Specialist will work across a variety of national and international frameworks, including NIST 800-53, ISO 27001, and others, ensuring Jeppesen ForeFlight meets and exceeds the security controls supporting these frameworks.

The role will analyze security controls across our framework set, assess current state versus required state, identify deficiencies, plan and track corrective actions, and conduct internal reviews of both process and technical control implementation. We have a defined risk and control methodology in place; this role exists to close the gap between methodology and consistent day-to-day execution at scale, while translating control requirements across frameworks into a unified control model that reduces duplication and improves traceability.

We’re hiring this role with a GRC engineering mindset. We want someone who treats compliance as an engineering problem, automating evidence collection, instrumenting controls to produce continuous signals, and partnering with engineering and security to make compliance a byproduct of how we already operate, not a separate manual track.

This role works across the organization and is expected to communicate effectively with leadership, operations, security, and engineering. 100% remote, US-based. Limited travel may be required to support audit and compliance efforts; not estimated to exceed 10% of the employee’s time.

Key Responsibilities

  • Drive day-to-day execution of the risk lifecycle (intake, assessment, control validation, remediation, tracking) and oversee the ISMS, including the risk register, Statement of Applicability (SoA), and corrective actions
  • Lead audit cycles end-to-end across multiple frameworks (NIST 800-53, ISO 27001, CMMC, SOC 2, etc.), scoping, evidence collection, and control testing
  • Translate control requirements across frameworks into a unified control model with crosswalks so a single piece of evidence satisfies multiple obligations; identify and remediate deficiencies between control expectations and current implementation
  • Administer and extend our compliance automation platform, improving control mapping, evidence workflows, and integrations with cloud infrastructure, identity systems, ticketing, and CI/CD pipelines; translate written policies into enforceable, testable controls to move us toward continuous compliance
  • Define, write, and maintain corporate security policies, standards, procedures, and baselines
  • Assist with the vendor security risk program, due diligence, technical reviews, and ongoing monitoring
  • Communicate effectively with audiences ranging from C-level executives to operations and engineering; demonstrate willingness to speak truth on security compliance and express deficiencies clearly when they exist
  • Produce executive reporting on compliance metrics, audit readiness, and risk trends


Basic Qualifications

  • Bachelor’s degree or equivalent experience in a technical field (e.g., military experience qualifies)
  • 5 years in GRC, risk management, IT audit, or security compliance, with hands-on operational ownership of a control program
  • Demonstrated experience applying NIST 800-53 or equivalent DoD cybersecurity controls (STIGs, RMF, etc.), including control selection, tailoring, assessment, and evidence generation
  • Working knowledge of additional frameworks (ISO 27001, SOC 2, NIS2, COBIT, or similar) and experience harmonizing them into a unified control set
  • Hands-on experience administering a GRC or compliance automation platform, including configuring workflows and building integrations
  • Comfort with scripting or API integrations for evidence automation, control monitoring, and reporting
  • Familiarity with cloud environments (AWS, GCP, or Azure) and how IAM, logging, and configuration management map to compliance requirements
  • Experience with vulnerability management, patch management, or system hardening
  • Strong written communication, able to translate control language for engineers and engineering language for auditors
  • Demonstrated bias toward automation and repeatable systems over manual, periodic effort
  • Problem solver with a desire to see problems as challenges to be resolved


Preferred Qualifications

  • Military or federal background (military cybersecurity, DoD compliance, or government cloud environments)
  • Ability to learn / support workloads at DoD Impact Level 5 (IL5) or Impact Level 6 (IL6)
  • Experience supporting a CMMC certification, FedRAMP authorization, or RMF accreditation package
  • Compliance-as-code or policy-as-code experience (OPA, Terraform Sentinel, AWS Config rules, OSCAL)
  • CI/CD-integrated control testing or automated evidence pipelines
  • Security or compliance certification such as CISM, CRISC, CCSP, or ISO 27001
  • Experience working with Change Control Boards (CCBs) or other oversight groups
  • Experience with regulations such as FISMA, ITAR, HIPAA, or GDPR
  • Background in technical roles such as security operations, boundary defense, vulnerability management, or systems administration


Pay is based upon candidate experience and qualifications, as well as market and business considerations. Summary Pay Range:

Why You Should Join

At Jeppesen ForeFlight, we know you want a rewarding career. To do that, you need challenging projects, a good work environment, and awesome coworkers. We believe in our employees, and we empower them to make a direct impact on our products and services messaging. We strive to provide our employees with a world-class benefits experience, focused on supporting their physical, financial, and emotional wellbeing. Our benefits package includes, but is not limited to, the following:

  • Medical, dental, and vision insurance with employer-paid health premiums
  • Open PTO Policy
  • 401(k) with up to 10% company matching and immediate vesting
  • 12 Weeks Paid Maternity Leave
  • 4 Weeks Paid Paternity Leave
  • Flight Training Rewards


Jeppesen ForeFlight - EOE including Disability/Vets | Pay Transparency | E-Verify Participant | Equal Opportunity Employer

Salary.com Estimation for Governance Risk and Compliance (GRC) Compliance Specialist in Austin, TX
$87,034 to $105,639