Security and Compliance Lead
Aalyria · United States · 3 wk ago
RemoteRemoteFinanceFull-time
About the role
We are looking for an experienced Security & Compliance Lead to join our team. The ideal candidate will have deep expertise in federal compliance frameworks including CMMC, FedRAMP, ITAR, and DFARS, combined with hands-on technical security implementation experience.
Responsibilities
- Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination
- Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements
- Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks
- Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials
- Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting
- Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates
- Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security
- Harden cloud infrastructure in GCP, AWS, implementing security configurations and access controls aligned with compliance requirements
- Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines
- Define, document, and enforce CUI boundaries and enclave architecture
- Translate compliance requirements into actionable technical guidance for engineering teams
- Support customer security assessments, due diligence requests, and contract security requirements
Requirements
- 7+ years of experience in security roles with demonstrated compliance and technical responsibilities
- Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements
- Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent)
- Hands-on technical skills: ability to write scripts, Terraform, and troubleshoot access issues
- Cloud security experience securing cloud environments (GCP preferred; AWS GovCloud)
- Experience with enterprise IAM platforms (Okta, Azure AD, or similar)
- Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use
- Strong communication skills with comfort presenting to auditors, executives, government customers, and authorizing officials
- Combined experience in both compliance/GRC and hands-on technical security implementation
- Experience leading or supporting third-party security assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or similar)
- Ability to interpret NIST 800-53 controls and implement them in cloud environments
- Working knowledge of CMMC, FedRAMP, and DFARS frameworks, including overlapping control requirements
- Demonstrated ability to operate effectively in fast-paced environments with competing priorities
- Experience building or significantly maturing a compliance program
- U.S. Citizenship required
- FedRAMP authorization experience, ideally from initial readiness through ATO
- CMMC C3PAO assessment experience
- DoD or federal contractor background with understanding of regulatory environment and contract requirements
- GCP experience including Security Command Center, Cloud Audit Logs, IAM, VPC Service Controls, and Assured Workloads
- Infrastructure-as-code experience with Terraform, Ansible, or similar tools
- GRM tooling experience (Vanta, Drata, or similar)
- Security certifications such as CISSP, CISM, CGRC, CAP, or Security+
- Familiarity with scripting languages (Python, Go, Bash)
- Active Secret or Top Secret clearance, or ability to obtain
Qualifications
- U.S. citizen or national
- U.S. lawful permanent resident (green card holder)
- Refugee under 8 U.S.C. 1157
- Asylee under 8 U.S.C. 1158
- Eligible to access export-controlled information without requiring an export authorization
- Eligible and reasonably likely to obtain the necessary export authorization from the appropriate U.S. government agency
Benefits
- Competitive salary
- Comprehensive benefits (401(k), dental, vision, health, life insurance)
- Paid time off
- Equity options
Pay
180,000 - 215,000 USD per year (Remote (United States))
Schedule
Remote (United States)
Company Information
- Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications.
- Impactful Work: Directly contribute to critical national security programs and initiatives.
- Growth Opportunities: Expand your career with opportunities for professional development and advancement.
- Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter.
- Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.