GRC Security Architect

Responsibilities

• Lead the design, implementation, and continuous improvement of the company’s governance, risk, and compliance program for our NOVA program
• Architect security and compliance controls that support a regulated aerospace environment, including systems that may process or support CUI, ITAR-controlled data, export-controlled information, proprietary engineering data, and other sensitive business information
• Own and mature the company’s risk management process, including risk identification, assessment, treatment planning, exception handling, control validation, and executive-level risk reporting
• Define, document, and maintain security policies, standards, procedures, control narratives, and implementation guidance aligned with frameworks such as NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, DFARS, FedRAMP-informed cloud security practices, and other applicable requirements
• Translate regulatory and contractual security requirements into practical, scalable technical and operational controls that can be implemented by IT, Engineering, Manufacturing, Software, Legal, Finance, and business teams
• Partner with IT and software engineering teams to design security controls that are effective, auditable, and compatible with fast-moving technical operations
• Develop and maintain key compliance artifacts, including control mappings, system security plans, control implementation statements, risk registers, POA&Ms, evidence repositories, audit responses, and executive summaries
• Lead internal readiness activities for audits, assessments, customer security reviews, and third-party compliance engagements
• Evaluate proposed systems, tools, vendors, cloud services, and business processes for security, compliance, data protection, and regulatory risk
• Provide security architecture guidance for sensitive systems, including identity and access management, logging and monitoring, endpoint protection, vulnerability management, network segmentation, secure cloud design, data handling, and secure software development practices
• Identify opportunities to automate evidence collection, control monitoring, compliance reporting, and risk tracking
• Serve as a senior advisor to technical and business leaders on security risk, compliance obligations, control tradeoffs, and practical implementation paths
• Perform additional duties as needed to support company security, compliance, and mission objectives

Qualifications

• 7+ years of experience in information security, security architecture, GRC, compliance engineering, infrastructure security, or related roles
• Exceptional understanding of IT and security architecture across applications, networks, servers, storage, identity systems, endpoint platforms, SaaS, cloud infrastructure, and hybrid environments
• Strong working knowledge of governance, risk, and compliance frameworks, including NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, and related security control models
• Ability to interpret regulatory, contractual, and framework requirements and translate them into actionable technical and operational controls
• Strong understanding of risk management practices, including risk assessment, risk treatment, exception management, compensating controls, and executive risk communication
• Experience building or maturing security documentation, including policies, standards, procedures, control implementation statements, SSPs, POA&Ms, risk registers, and audit evidence packages
• Strong analytical and problem-solving skills, with sound judgment when balancing security, compliance, business velocity, and operational practicality
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent practical experience

Preferred Qualifications

• Experience operating in regulated environments subject to NIST SP 800-171, CMMC, DFARS, NIST SP 800-53, FedRAMP, ISO 27001, SOC 2, CUI handling, ITAR, export control, aerospace, defense, or other government-driven security requirements
• Experience designing security and compliance programs for fast-growing organizations where processes, systems, and controls must be built while the business is scaling
• Experience supporting or preparing for CMMC, SOC 2, ISO 27001, government customer reviews, or other formal security assessments
• Experience with secure software development lifecycle practices, including threat modeling, secure code review processes, CI/CD security controls, software supply chain risk management, and vulnerability remediation workflows
• Professional security certifications such as CISSP, CISM, CISA, GIAC, or equivalent practical experience
• Prior experience in a startup, aerospace, defense, manufacturing, engineering, or highly technical environment

Benefits

• Equity – We know that our employees are the reason we succeed. To give everyone a stake in our future, we are pleased to offer equity in the form of stock options to all regular, full-time employees. 
• Comprehensive benefits program including subsidized medical, dental, and vision insurance 
• Company-paid life and disability insurance 
• 401(k) plan with employer match 
• 4 weeks’ Paid Time Off 
• Holidays – 10 days (including an end-of-year closure) 
• Paid Family/Parental Leave 
• On-site gym or monthly wellness stipend (depending on location) 
• Dog friendly offices! 

Compensation

Target Levels:

• Level 4 Range: $160,230 - $240,450
• Level 5 Range: $192,360 - $288,435

Our job posts are intentionally written to attract a wide variety of experience levels, and we make decisions about the right fit on a per-candidate basis. 

Your actual level and base salary will be decided based on your specific experience and skill level.

ITAR Requirements

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Equal Opportunity 

The Company is an Equal Opportunity Employer, including with respect to disability and veteran status. It is committed to compliance with all equal opportunity laws, including the Immigration and Nationality Act (INA) and Title VII.  It does not discriminate on the basis of nationality, race, citizenship, immigration status, or any other protected class when it comes to employment practices, including hiring.