Infosec Manager, GRC

Job not on LinkedIn

October 21

🌵 Arizona – Remote

Although this job is listed in Arizona, this company may be open to hiring remote in other states.

🏄 California – Remote

Although this job is listed in California, this company may be open to hiring remote in other states.

+27 more states

🌵 Arizona – Remote 🏄 California – Remote ⛰️ Colorado – Remote 🐊 Florida – Remote 🌺 Hawaii – Remote 🌽 Illinois – Remote 🌪️ Kansas – Remote 🦬 Montana – Remote 🎰 Nevada – Remote 🏖️ New Jersey – Remote 🌶️ New Mexico – Remote 🗽 New York – Remote 🌲 North Carolina – Remote 🌲 Oregon – Remote 🦀 Maryland – Remote 🍂 Massachusetts – Remote 🚗 Michigan – Remote ❄️ Minnesota – Remote 🏰 Missouri – Remote ⚓ Rhode Island – Remote 🎸 Tennessee – Remote 🤠 Texas – Remote ⛷️ Utah – Remote 🍁 Vermont – Remote ⚔️ Virginia – Remote ☕ Washington – Remote ⛰️ West Virginia – Remote 🧀 Wisconsin – Remote

⏰ Full Time

🟠 Senior

🔴 Lead

🚔 Compliance

Apply Now

Receive Emails with Similar Jobs

Slingshot Aerospace

WebsiteLinkedInAll Job Openings

Aerospace • Artificial Intelligence • Security

Slingshot Aerospace is a leading AI and data-driven platform focused on optimizing satellite operations and enhancing space traffic coordination for operators worldwide. Renowned for its innovative solutions in space domain awareness, Slingshot Aerospace provides advanced tools for space security, defense missions, training, and market analysis. The company's comprehensive offerings include space object tracking, AI-driven training agents, and astrodynamics services. Through its Global Sensor Network and sophisticated data fusion techniques, Slingshot transforms disparate space data into actionable insights, improving operational efficiency and reducing risks in an increasingly complex orbital environment. Trusted by government and commercial space operators, Slingshot Aerospace is committed to making the space domain safe, sustainable, and secure for future generations.

51 - 200 employees

Founded 2020

🚀 Aerospace

🤖 Artificial Intelligence

🔐 Security

💰 $25.2M Grant on 2022-03

📋 Description

• Lead the company’s information security and compliance strategy in partnership with senior IT and Infosec leadership. • Guide and mentor IT, Infosec, and GRC staff and contractors while remaining directly engaged in technical work. • Define long-term roadmaps for security, compliance, and infrastructure that align with business goals and technology growth. • Build out and mature IT and Infosec capabilities for USA, U.K. and international operations, aligning technical controls and compliance with regional requirements. • Deliver regular metrics and program status to executive leadership and customers to demonstrate compliance, risk posture, and control maturity. • Manage compliance operations including SSPs, POA&Ms, control testing, risk assessments, and audits for CMMC 2.0 and NIST 800-171. • Develop and maintain documentation, evidence, and controls to support new or evolving frameworks such as ISO 27001, Cyber Essentials Plus, GDPR, and other standards as required by customers or regulators. • Maintain evidence and documentation in platforms such as Vanta and Paramify, ensuring continuous audit readiness. • Support Sales, Growth, and Legal teams with security questionnaires, RFIs, and RFPs, providing timely and accurate assurance documentation. • Maintain federal and customer compliance portals (SPRS, eMASS) with current and complete records. • Oversee third-party and vendor risk management, ensuring supply chain partners meet security and compliance standards. • Partner with IT and Engineering to architect secure cloud, SaaS, and on-premises systems across AWS and Azure. • Implement network and infrastructure security in collaboration with DevSecOps, IT, and Engineering teams, ensuring consistent security standards across environments. • Coordinate with Development, Data, and Operations groups to embed secure design, testing, and deployment practices throughout the software lifecycle. • Implement network segmentation and zero-trust access models; coordinate VPN, firewall, and remote access controls. • Operate and enhance endpoint, identity, and network defenses using CrowdStrike, Zscaler, Okta, Microsoft Entra ID, Wiz, and Tenable. • Run SIEM/SOAR or equivalent log analytics and automation (e.g., Splunk) to improve detection and response. • Lead incident response from detection through recovery, maintaining detailed playbooks and conducting tabletop exercises. • Oversee and manage the company’s security awareness and user training programs using platforms such as KnowBe4 or similar tools, ensuring all employees remain informed, compliant, and vigilant against evolving threats. • Develop internal automation and tooling using Python, Go, or PowerShell for compliance evidence, monitoring, and reporting. • Apply Infrastructure-as-Code and Policy-as-Code principles using Terraform, Ansible, or CloudFormation to enforce security baselines. • Collaborate with software and product engineering teams to embed security into CI/CD pipelines, APIs, and customer-facing services. • Provide expertise in Okta CIAM/CIS and Auth0 for secure customer identity and access flows. • Own data-protection controls including encryption, key management, DLP, and data classification aligned to regional compliance. • Lead business-continuity (BCP) and disaster-recovery (DR) testing; document findings and corrective actions. • Strengthen backup and recovery programs for multi-cloud and hybrid environments. • Support secure adoption of emerging technologies such as AI, automation, and advanced analytics within governance frameworks. • Extend and strengthen Slingshot’s IT, Infosec, and compliance programs across U.K., E.U., and other international operations, maintaining data sovereignty and regulatory alignment.

🎯 Requirements

• CISSP certification required. • CMMC Certified Professional (CCP) preferred, or ability to obtain certification. • 8+ years of progressive experience across IT, information security, networking, and GRC. • Familiarity with CMMC 2.0 and NIST 800-171, with understanding of ISO 27001, Cyber Essentials Plus, GDPR, and the ability to support other frameworks as needed. • Proven ability to lead IT and Infosec programs while remaining hands-on with engineering, automation, and incident response. • Strong coding and scripting skills in Python, Go, or PowerShell, with experience building internal tools or integrations. • Expertise in IAM, endpoint protection, cloud security, data protection, and zero-trust architecture. • Experience with tools such as CrowdStrike, Zscaler, Wiz, Tenable, Vanta, Paramify, Okta, and Microsoft Entra ID. • Excellent written and verbal communication skills with the ability to work across technical, operational, and executive teams. • U.S. citizenship and TS/SCI eligibility required. • International experience and multi-region program management are highly valued.

🏖️ Benefits

• U.S. citizenship and TS/SCI eligibility required. • Equity, Diversity & Inclusion are key to our success.