Governance, Risk, and Compliance Lead

Primer exists to make the world a safer place.  We do this by providing trusted decision-ready AI to the world's most critical organizations.  Our software enables leaders, operators, and analysts to better understand the changing world around us in real time and make informed decisions when the stakes are high.  Primer has offices in San Francisco, Pasadena, CA and Arlington, VA.  For more information, please visit https://primer.ai/

As the GRC Lead, you will lead risk and compliance activities across the entirety of Primer’s business. Your most important responsibility will be to achieve & maintain compliance with initiatives such as CMMC 2.0, FedRAMP, SOC 2, and ISO 27001 as well as lead the Risk Management Framework (RMF).

As the GRC Lead, you will be responsible for driving progress on Authority To Operate (ATO) initiatives, and maturing security and compliance controls to support a GCC High environment.  You will also work cross-functionally with other parts of Primer, such as the IT, Security, Legal, Human Resources, Product and Engineering teams. In general, this role requires high levels of trust, autonomy, and balancing security requirements with delivery needs.

How You Will Make an Impact:

• Drive Primer’s compliance programs, which include CMMC, FedRAMP, SOC 2, and ISO 27001
• Assist in aligning Primer’s security and compliance strategy with business goals
• Lead the rollout of changes required for compliance, to include gathering detailed IT requirements and budget, thinking through and revamping processes
• Create and maintain program-specific training for employees
• Implement a metrics program to ensure the information security management system is operating effectively
• Report on compliance initiative to senior management
• Organize and lead security and compliance assessments, writing and organizing documentation, diagrams, identifying/tracking tasks for internal Primer teams (e.g. Engineering, Product, etc.), and communicating with external stakeholders
• Comprehend Risk Management Framework (RMF) accreditation requirements for specific customer deployments, and be able to translate those requirements into an actionable project plan to meet customer timelines
• Utilize your expertise to ensure Primer’s GCC High environment continually meets federal requirements for processing and storing sensitive data

Relevant Skills and Experience:

• US citizenship required
• Located in the SF or DC metro area
• Experience with the following:
• FedRAMP
• Risk Management Framework
• CMMC / NIST 800-171
• SOC 2
• ISO 27001
• General knowledge of cloud technologies and platforms (e.g., AWS, Azure)
• 3+ years of professional experience working in or with the US Department of Defense or related US Government organizations

Primer works closely with the U.S. defense and intelligence establishment. Any offer of employment is conditioned on an applicant or employee being able to meet any applicable government contract requirements. The company may rescind any offer of employment to an applicant or terminate an employee if the applicant or employee is unable to perform the functions of the position in compliance with applicable government contracts or if an applicant or employee makes a false attestation of compliance.

What We Offer

We are a series D funded company with investors from Addition, USIT, Lux Capital, Amplify Partners, Addition Capital, Bloomberg Beta, and others.  We are intentional around building a diverse and inclusive team of subject matter experts to better advocate for the needs of our users. 

We care a lot about our work and about the well being of our team. We encourage everyone to work at a sustainable pace and have a flexible vacation policy for team members to utilize, Wellness Days and 100% paid leave for parents of growing families.

We offer competitive compensation and comprehensive benefits. This includes full medical, dental, and vision coverage, fertility benefits through Carrot, mental health coverage on demand with Headspace Care+, Gympass+ Membership via Wellhub, One Medical Membership, 401(k), remote work stipends, and monthly internet allowance.

Primer is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Please see the United States Department of Labor's EEO poster and EEO poster supplement for additional information.

If you need assistance or accommodation due to a disability, you may contact us at info@primer.com.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.