GRC Security Architect

Stoke Space


Job Location:

Kent, WA - USA

Monthly Salary: $160230 - 240450
Posted on: 12 hours ago
Vacancies: 1 Vacancy

Job Summary

At Stoke, we believe a thriving space economy will enable a vibrant, sustainable, and equitable future here on Earth. That is why we're building Nova, our fully and rapidly reusable launch vehicle. Designed for daily flight, Nova tackles the core challenges of space transportation by reducing cost, increasing availability, and improving reliability. By radically lowering launch costs and increasing flight cadence, we're helping create a truly scalable space industry.

Our team is mission-driven, collaborative, and empowered to take ownership of their work. If you want to work alongside some of the most dedicated and talented people on Earth, we'd love to have you join us.

Description

Reusable launch systems depend on security, compliance, and risk management that enable speed without compromising the mission. As a GRC Security Architect, you will own the security governance, risk, and compliance architecture for Stoke's NOVA program as we build and scale a fully reusable launch vehicle.

This is a hands-on role with end-to-end ownership of how security requirements become practical, auditable, and scalable controls across the company. You will define and drive the policies, standards, control implementations, risk processes, and evidence systems that support frameworks such as NIST 800-171, NIST 800-53, CMMC, DFARS, CUI, ITAR, and other customer or regulatory requirements. You will work directly with SMEs across IT, security, software, infrastructure, engineering, manufacturing, legal, finance, and operations to translate complex obligations into controls that are clear, effective, and realistic for a fast-moving rocket company. You own the outcome, not just the checklist.

We are a small, highly motivated team. You will work shoulder-to-shoulder with engineers, system owners, business leaders, and operations teams to identify risk, design practical mitigations, prepare for audits and assessments, and build a security program that enables the company to move fast while protecting sensitive information and mission-critical systems.

You must be ready to stay focused, move quickly, self-direct, and learn on the fly.

Responsibilities

  • Lead the design, implementation, and continuous improvement of the company's governance, risk, and compliance program for our NOVA program
  • Architect security and compliance controls that support a regulated aerospace environment, including systems that may process or support CUI, ITAR-controlled data, export-controlled information, proprietary engineering data, and other sensitive business information
  • Own and mature the company's risk management process, including risk identification, assessment, treatment planning, exception handling, control validation, and executive-level risk reporting
  • Define, document, and maintain security policies, standards, procedures, control narratives, and implementation guidance aligned with frameworks such as NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, DFARS, FedRAMP-informed cloud security practices, and other applicable requirements
  • Translate regulatory and contractual security requirements into practical, scalable technical and operational controls that can be implemented by IT, Engineering, Manufacturing, Software, Legal, Finance, and business teams
  • Partner with IT and software engineering teams to design security controls that are effective, auditable, and compatible with fast-moving technical operations
  • Develop and maintain key compliance artifacts, including control mappings, system security plans, control implementation statements, risk registers, POA&Ms, evidence repositories, audit responses, and executive summaries
  • Lead internal readiness activities for audits, assessments, customer security reviews, and third-party compliance engagements
  • Evaluate proposed systems, tools, vendors, cloud services, and business processes for security, compliance, data protection, and regulatory risk
  • Provide security architecture guidance for sensitive systems, including identity and access management, logging and monitoring, endpoint protection, vulnerability management, network segmentation, secure cloud design, data handling, and secure software development practices
  • Identify opportunities to automate evidence collection, control monitoring, compliance reporting, and risk tracking
  • Serve as a senior advisor to technical and business leaders on security risk, compliance obligations, control tradeoffs, and practical implementation paths
  • Perform additional duties as needed to support company security, compliance, and mission objectives

Qualifications

  • 7 years of experience in information security, security architecture, GRC, compliance engineering, infrastructure security, or related roles
  • Exceptional understanding of IT and security architecture across applications, networks, servers, storage, identity systems, endpoint platforms, SaaS, cloud infrastructure, and hybrid environments
  • Strong working knowledge of governance, risk, and compliance frameworks, including NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, and related security control models
  • Ability to interpret regulatory, contractual, and framework requirements and translate them into actionable technical and operational controls
  • Strong understanding of risk management practices, including risk assessment, risk treatment, exception management, compensating controls, and executive risk communication
  • Experience building or maturing security documentation, including policies, standards, procedures, control implementation statements, SSPs, POA&Ms, risk registers, and audit evidence packages
  • Strong analytical and problem-solving skills, with sound judgment when balancing security, compliance, business velocity, and operational practicality
  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent practical experience

Preferred Qualifications

  • Experience operating in regulated environments subject to NIST SP 800-171, CMMC, DFARS, NIST SP 800-53, FedRAMP, ISO 27001, SOC 2, CUI handling, ITAR, export control, aerospace, defense, or other government-driven security requirements
  • Experience designing security and compliance programs for fast-growing organizations where processes, systems, and controls must be built while the business is scaling
  • Experience supporting or preparing for CMMC, SOC 2, ISO 27001, government customer reviews, or other formal security assessments
  • Experience with secure software development lifecycle practices, including threat modeling, secure code review processes, CI/CD security controls, software supply chain risk management, and vulnerability remediation workflows
  • Professional security certifications such as CISSP, CISM, CISA, GIAC, or equivalent practical experience
  • Prior experience in a startup, aerospace, defense, manufacturing, engineering, or highly technical environment

Benefits

  • Equity: We know that our employees are the reason we succeed. To give everyone a stake in our future, we are pleased to offer equity in the form of stock options to all regular full-time employees.
  • Comprehensive benefits program, including subsidized medical, dental, and vision insurance
  • Company-paid life and disability insurance
  • 401(k) plan with employer match
  • 4 weeks Paid Time Off
  • Holidays: 10 days (including an end-of-year closure)
  • Paid Family/Parental Leave
  • On-site gym or monthly wellness stipend (depending on location)
  • Dog-friendly offices!

Compensation

Target Levels:

  • Level 4 Range: $160230 - $240450
  • Level 5 Range: $192360 - $288435

Our job posts are intentionally written to attract a wide variety of experience levels, and we make decisions about the right fit on a per-candidate basis.

Your actual level and base salary will be decided based on your specific experience and skill level.

ITAR Requirements

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Equal Opportunity

The Company is an Equal Opportunity Employer, including with respect to disability and veteran status. It is committed to compliance with all equal opportunity laws, including the Immigration and Nationality Act (INA) and Title VII. It does not discriminate on the basis of nationality, race, citizenship, immigration status, or any other protected class when it comes to employment practices, including hiring.

Employment at the Company is contingent upon satisfactory completion of reference and background checks and on your ability to prove your identity and authorization to work in the U.S. for the Company. Employees must comply with the United States Citizenship and Immigration Services employment verification requirements, and therefore they must complete an Employment Eligibility Verification Form I-9 at the start of employment and re-verify authorization to work periodically.

Separate from this I-9 process, this position entails access to certain technology and technical data that is restricted under U.S. export control laws and regulations. Employment or continued employment may be conditioned on your legal authorization to work with or have access to export control materials as necessary to perform your job.

Candidate Rights & Accommodations

If you require a reasonable accommodation to complete the application or participate in the interview process, please contact . Requests will be handled in accordance with applicable laws. Please do not include medical or other confidential information in your initial request.

For more information about your rights, please refer to the Know Your Rights notice here.

E-Verify

Stoke Space uses E-Verify to confirm the identity and employment eligibility of all new hires.


Required Experience:

Staff IC

About Company

100% reusable rockets
