Jobs · Finance

Security and Compliance Lead

Aalyria · United States · 3 wk ago
RemoteRemoteFinanceFull-time

About the role

We are looking for an experienced Security & Compliance Lead to join our team. The ideal candidate will have deep expertise in federal compliance frameworks including CMMC, FedRAMP, ITAR, and DFARS, combined with hands-on technical security implementation experience.

Responsibilities

  • Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination
  • Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements
  • Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks
  • Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials
  • Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting
  • Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates
  • Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security
  • Harden cloud infrastructure in GCP, AWS, implementing security configurations and access controls aligned with compliance requirements
  • Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines
  • Define, document, and enforce CUI boundaries and enclave architecture
  • Translate compliance requirements into actionable technical guidance for engineering teams
  • Support customer security assessments, due diligence requests, and contract security requirements

Requirements

  • 7+ years of experience in security roles with demonstrated compliance and technical responsibilities
  • Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements
  • Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent)
  • Hands-on technical skills: ability to write scripts, Terraform, and troubleshoot access issues
  • Cloud security experience securing cloud environments (GCP preferred; AWS GovCloud)
  • Experience with enterprise IAM platforms (Okta, Azure AD, or similar)
  • Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use
  • Strong communication skills with comfort presenting to auditors, executives, government customers, and authorizing officials
  • Combined experience in both compliance/GRC and hands-on technical security implementation
  • Experience leading or supporting third-party security assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or similar)
  • Ability to interpret NIST 800-53 controls and implement them in cloud environments
  • Working knowledge of CMMC, FedRAMP, and DFARS frameworks, including overlapping control requirements
  • Demonstrated ability to operate effectively in fast-paced environments with competing priorities
  • Experience building or significantly maturing a compliance program
  • U.S. Citizenship required
  • FedRAMP authorization experience, ideally from initial readiness through ATO
  • CMMC C3PAO assessment experience
  • DoD or federal contractor background with understanding of regulatory environment and contract requirements
  • GCP experience including Security Command Center, Cloud Audit Logs, IAM, VPC Service Controls, and Assured Workloads
  • Infrastructure-as-code experience with Terraform, Ansible, or similar tools
  • GRM tooling experience (Vanta, Drata, or similar)
  • Security certifications such as CISSP, CISM, CGRC, CAP, or Security+
  • Familiarity with scripting languages (Python, Go, Bash)
  • Active Secret or Top Secret clearance, or ability to obtain

Qualifications

  • U.S. citizen or national
  • U.S. lawful permanent resident (green card holder)
  • Refugee under 8 U.S.C. 1157
  • Asylee under 8 U.S.C. 1158
  • Eligible to access export-controlled information without requiring an export authorization
  • Eligible and reasonably likely to obtain the necessary export authorization from the appropriate U.S. government agency

Benefits

  • Competitive salary
  • Comprehensive benefits (401(k), dental, vision, health, life insurance)
  • Paid time off
  • Equity options

Pay

180,000 - 215,000 USD per year (Remote (United States))

Schedule

Remote (United States)

Company Information

  • Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications.
  • Impactful Work: Directly contribute to critical national security programs and initiatives.
  • Growth Opportunities: Expand your career with opportunities for professional development and advancement.
  • Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter.
  • Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.

Similar jobs

Security Lead

KBR CareersLexington Park, MD· 1 wk ago
Information Technologyapply on careers.kbr.com

Security Lead

CarvanaTooele, UT· 6 days ago
Information Technology$62k/yrapply on carvana.com

Security Lead

Legends GlobalFort Worth, TX· 2 wk ago
Managementapply on asmglobal.wd1.myworkdayjobs.com

Security Lead

CarvanaChesterfield, VA· 1 mo ago
Information Technologyapply on carvana.com

Security Lead

DOMA TechnologiesAnnapolis Junction, MD· 1 mo ago
Information Technologyapply on recruiting.paylocity.com