Senior Governance, Risk, and Compliance Engineer
IonQ
Quantum Computing
This position can work onsite or hybrid from one of our offices or fully remote in the US.
Full-Time
Senior
Salary: 110,336 - 144,459 USD per year
Job Details
- Experience: 5–8 years
- Required Skills: Risk Management
Requirements
- 5–8 years of professional experience in cybersecurity compliance, GRC, or security engineering.
- Demonstrated hands-on ownership of NIST SP 800-171 and CMMC compliance programs.
- Proven track record developing SSPs, POA&Ms, and C3PAO assessment artifacts.
- Deep working knowledge of DFARS cybersecurity clauses (7012, 7019, 7020) and CMMC 2.0 framework structure.
- Technical background in systems administration, cloud security, or security engineering.
- Experience leading cross-functional compliance initiatives.
- Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
Responsibilities
- Architect and own end-to-end CMMC implementation and audit readiness, including scoping strategy, control mapping, SSP and POA&M development, evidence collection, and remediation tracking across the organization.
- Interpret and apply DFARS clause requirements, translating contractual obligations into operational controls and owning accurate SPRS submissions.
- Lead recurring internal audits of NIST 800-171 security controls and drive end-to-end preparation for C3PAO assessments.
- Architect CUI environments to meet CMMC boundary requirements, including network segmentation, access control, media protection, and FIPS-validated encryption.
- Drive implementation of technical controls across NIST 800-171 practice families, including MFA, audit logging, configuration management, incident response, and vulnerability management.
- Serve as the primary CMMC subject matter expert at IonQ, developing compliance roadmaps and facilitating readiness workshops.
- Partner with legal and contracts teams to review FAR/DFARS clauses in new and existing contracts and lead coordination with regulatory teams on ITAR and EAR obligations.
- Develop and operate a formal risk management program, maintain a risk register, and provide regular executive-level reporting.
- Own and mature the organization’s GRC platform to support evidence management, POA&M tracking, and risk register maintenance.