Senior Cyber Risk & Compliance Specialist
York Space Systems · Greenwood Village, CO · 1 wk ago
SalesFull-time
Key Responsibilities
- Lead CMMC Level 2 implementation, readiness activities, and assessment preparation
- Own control testing, validation, and compliance monitoring activities
- Manage and mature the Plan of Action & Milestones (POA&M) program
- Conduct enterprise cyber risk assessments and facilitate risk management activities
- Maintain and mature the enterprise cyber risk register
- Perform control gap analyses and develop remediation recommendations
- Lead cybersecurity vendor and third-party risk reviews
- Support SOX IT General Controls (ITGC) compliance activities and audit engagements
- Coordinate internal and external audit responses
- Develop, maintain, and improve cybersecurity policies, standards, baselines, and procedures
- Support enterprise AI governance and cybersecurity governance initiatives
- Partner with IT, Engineering, Security Operations, Legal, HR, and business stakeholders to drive compliance and risk reduction efforts
- Independently manage cybersecurity projects and program initiatives from planning through execution
Required Qualifications
- 7+ years of cybersecurity, risk, compliance, audit, governance, or related experience
- Experience supporting one or more cybersecurity frameworks such as CMMC, NIST SP 800-171, NIST Cybersecurity Framework (CSF), RMF, ISO 27001, FedRAMP, SOC 2, or SOX
- Experience conducting risk assessments and control evaluations
- Experience supporting audits, assessments, or regulatory compliance initiatives
- Strong understanding of cybersecurity risk management principles
- Excellent written and verbal communication skills
- Ability to work effectively across technical and non-technical teams
- Strong project management and organizational skills
- Ability to obtain a US security clearance
Preferred Qualifications
- Experience in the following areas: Supporting defense, aerospace, government contracting, or highly regulated environments
- Supporting Microsoft GCC High environments
- Experience with Hyperproof or similar GRC platforms
- Supporting cybersecurity governance initiatives in cloud and hybrid enterprise environments
- Experience in supporting AI governance, data governance, or emerging technology governance programs