Posted at: 28 October

Director of GRC Engineering

Company

Aquia

Aquia Inc. is a Boston-based digital services firm specializing in cloud infrastructure, cybersecurity, and compliance automation for the U.S. government.

Remote Hiring Policy:

Aquia Inc. supports remote work for candidates located in the USA, with roles requiring U.S. citizenship and eligibility for a Public Trust Clearance.

Job Type

Full-time

Allowed Applicant Locations

United States

Salary

$160,000 to $195,000 per year

Job Description

About Aquia Inc.

Named the “#1 Best Remote Startup to Work For in 2025” by Built In, Aquia is a digital services firm specializing in cloud infrastructure, cybersecurity, and compliance automation for the U.S. government.  

Founded by Veterans, we are passionate about making our country digitally capable and secure. Since 2021, we’ve generated millions in cost savings through cloud services and licensing optimization, enabled civil servants to double health care fraud investigations through streamlined cloud-based systems, and reduced authorization timelines by 74% through modernized security processes. Last year, we were named the 2024 Service-Disabled Veteran-Owned Business (SDVOSB) of the Year by the Department of Health and Human Services (HHS).

Candidates must be U.S. Citizens eligible for a Public Trust Clearance.

Director of GRC Engineering

Position Overview:

The Director of GRC Engineering will be responsible for leading and growing the Governance, Risk, and Compliance (GRC) Engineering practice at Aquia. Tactically, this position will support engineering solutions for the Continuous Authorization to Operate (cATO) program at a U.S. Government agency. This role will ensure efficient delivery and operation of compliance automation within NIST 800-53 frameworks and lead the development of integrations between services like AWS, CI/CD pipelines, etc., and modern GRC systems.

Responsibilities:

  • System Development and Integration: Lead testing, development, and implementation for cATO automations to ensure optimal performance and integration with the agency’s existing systems, such as AWS, CI/CD Pipelines, and cloud-native technologies. Activities also include leading the transition from an existing GRC platform to a new cloud-native cATO platform.
  • Automation: Automate RMF processes, ensuring the seamless integration of controls into an agency DevSecOps environment, including API integration.
  • Practice Leadership: Lead Aquia’s GRC Engineering practice. Support engineers in the practice with insight, guidance, and growth opportunities. Lead by example with technical ability and skillsets.  
  • Business Alignment: Provide internal support to Aquia’s compliance initiatives by engineering solutions that simplify and automate Aquia’s compliance goals, reducing cost as well as manual and cognitive load. Guide GRC programs to focus on outcomes vs. outputs in compliance deliverables through the lens of an engineering discipline.
  • Compliance Cracking: Demonstrate mastery of compliance frameworks and the ability to engineer solutions which automate evidence collection to meet compliance requirements.
  • GRC Engineering Advocate: Lead and build trust with internal and external cloud engineers, security teams, compliance stakeholders, and executive stakeholders through the journey of GRC Engineering modernization.

Required Qualifications:

  • Working knowledge of Python or Go.
  • Experience in GRC Engineering, Security Engineering, or Software Engineering with a focus on automation and system integration within complex compliance environments.
  • Expertise in compliance frameworks, NIST RMF processes, NIST SP 800-53 Rev. 5 controls, and federal cybersecurity policies.
  • Experience leading multi-disciplinary teams.

Remote - USA

$160,000 - $195,000 USD

Benefits

  • Premium health care plans (90% employer-paid)
  • Employee stock plan
  • 100% 401k match (up to IRS annual max)
  • Generous PTO package
  • Personal training and development budget

 

Aquia Inc. is an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.