
Senior Security Engineer – GRC
IonQ
full-time
Location Type: Hybrid
Location: Maryland • Washington • United States
Salary
💰 $110,336 - $144,459 per year
About the role
- Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance, mapping controls from standards like SOC 2, PCI, NIST 800-53, NIST 800-171, and CMMC.
- Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) and managing day-to-day operations like Data Subject Access Requests (DSARs).
- Design and execute a continuous internal audit program to validate the effectiveness of controls across both quantum R&D and classical infrastructure, leveraging automated evidence collection to ensure year-round audit readiness.
- Develop and enforce a comprehensive Data Governance framework that defines data ownership, classification, and lifecycle management specifically for sensitive quantum research data and proprietary algorithms.
- Assess and mitigate risks unique to a quantum computing R&D environment, including intellectual property protection, supply chain security for specialized hardware, and physical security of lab environments.
- Establish and mature the organization’s AI Governance Framework in alignment with the NIST AI RMF, performing risk assessments and security reviews of new AI tools and platforms.
- Ensure our cloud environments (e.g., AWS, GCP, Azure) are configured and audited against security benchmarks, driving the creation and management of a formal risk remediation roadmap.
- Spearhead the automation of GRC processes, building end-to-end compliance workflows in platforms like Jira to reduce manual effort in evidence collection and remediation tracking.
- Develop and maintain security metrics and dashboards to report on compliance posture, risk levels, and program maturity to leadership.
- Collaborate with technical and non-technical teams from legal to engineering, including on matters of technology, and prepare teams through training and exercises.
Requirements
- A Bachelor’s degree in Computer Science or equivalent practical experience.
- Familiarity with infosec frameworks like SOC 2, NIST RMF, and ISO 27001.
- Demonstrated experience with global privacy frameworks (GDPR, CCPA/CPRA) and applying principles like Privacy by Design.
- A technical background in systems administration, software engineering, cloud security, or security engineering.
- Proven experience in security risk management and analysis.
- Prior experience leading a SOC 2 Type II, ISO 27001, CMMC or NIST 800-53 audit from start to finish.
- Hands-on experience with GRC platforms (e.g., Hyperproof, Drata, Anecdotes AI) and security tools like CSPM or vulnerability scanners.
- Experience working in a high-security research, academic, or national laboratory environment.
- Excellent communication skills, empathy for customers, and an excitement to learn and get things done right.
Benefits
- Comprehensive medical, dental, and vision plans
- Matching 401K
- Unlimited PTO and paid holidays
- Parental/adoption leave
- Legal insurance
- Home technology stipend
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
NIST Risk Management Framework, SOC 2, PCI, NIST 800-53, NIST 800-171, CMMC, Privacy Impact Assessments, Data Protection Impact Assessments, Data Governance, Security risk management
Soft Skills
communication skills, empathy, collaboration, leadership, problem-solving, training, adaptability, attention to detail, organizational skills, excitement to learn
Certifications
Bachelor’s degree in Computer Science, ISO 27001, CMMC, NIST 800-53 audit, GDPR, CCPA/CPRA