Director of Information Security Governance, Risk, and Compliance (GRC)
About The Position
At LeoLabs, weâre building the living map of activity in space. Through our proprietary global radar network and AI-enabled analytics platform, we collect millions of measurements daily on more than 241,000 objects in low Earth orbit (LEO). Our radar-powered intelligence protects billions in assets, monitors adversarial behavior, and ensures safe operations for commercial and government missions. Weâre not just building technology, we are redefining global security, safety, and transparency in space. As orbital activity accelerates and threats grow more complex, LeoLabs is a trusted partner for Space Domain Awareness, Space Traffic Management, and Satellite Operations for top-tier space operators and allied defense organizations. If you're looking to work on mission-critical challenges at the forefront of aerospace, national security, and AI, your impact starts here. Director, Information Security Governance, Risk & Compliance (GRC) Summary: This role leads LeoLabsâ global Information Security Governance, Risk, and Compliance (GRC) programs, reporting to the Chief Legal Officer (CLO) and working in direct partnership with the Chief Operating Officer (COO). The Director drives enterprise-wide cybersecurity strategy, risk management, and compliance initiatives â ensuring protection of critical business processes, IT systems, and Operational Technology infrastructure. The role requires strong technical expertise, leadership acumen, and the ability to balance strategic direction with tactical execution across multiple geographies and stakeholders. Top Priorities Lead and mature the enterprise cybersecurity and GRC strategy â build scalable governance frameworks and ensure alignment with business goals. Assess and mitigate organizational risk â conduct risk assessments, close compliance gaps, and drive remediation of vulnerabilities. Ensure regulatory and contractual compliance â manage frameworks such as FedRAMP, CMMC, NIST, ISO 27001, GDPR, and others. Oversee incident response and resilience â develop and execute response plans, lead cross-functional remediation, and report to executive leadership. Partner across the enterprise â build collaboration with Legal, HR, IT, and Operations to embed security and compliance awareness. Drive major transformation initiatives â including AI adoption risk frameworks, Post-Quantum Cryptography, and Zero Trust architecture implementation.
Requirements
- 10â12 years of related experience, with 5+ years in supervisory or program/project management roles.
- Expertise in cybersecurity governance, risk management, and compliance frameworks (NIST 800-53/171, CMMC, ISO 27001, Cloud Security Alliance).
- Strong grasp of cloud infrastructure, access controls, and change management.
- Demonstrated experience with agile methodologies and organizational change management.
- Excellent executive communication, analytical, and problem-solving skills.
- Proven ability to manage competing priorities in a fast-paced, global environment.
- Results-oriented with exceptional attention to detail and accountability.
Nice To Haves
- Bachelorâs Degree required; advanced degree in Information Security or Computer Information Technology preferred.
- Certifications such as CISSP, CISM, CRISC, CISA highly desirable.
Responsibilities
- Develop, implement, and monitor a comprehensive enterprise cybersecurity and risk management program.
- Oversee tactical execution of short- and long-term objectives for all GRC activities, including budget, staffing, and performance outcomes.
- Establish performance metrics and transparent reporting to demonstrate organizational and operational security health.
- Conduct enterprise and tactical risk assessments to identify critical risks and vulnerabilities.
- Develop remediation plans to mitigate risks to confidentiality, integrity, and availability of data.
- Lead compliance readiness efforts (e.g., FedRAMP, CMMC, ATO frameworks, NIST CSF, ISO 27001, GDPR, FAR/DFAR, CCPA).
- Implement and manage third-party Vendor Risk Management and assessment programs.
- Define, enforce, and maintain security policies, standards, and procedures in collaboration with stakeholders.
- Manage periodic audits and compliance assessments, reporting on program maturity, risk posture, and performance to executives.
- Lead the adoption of eGRC tools and automation to improve visibility and accountability across business units.
- Lead development and execution of the incident response plan; coordinate investigations and remediation activities.
- Partner with threat intelligence and vulnerability management teams to prioritize and close high-risk issues.
- Ensure that security controls and technologies are properly configured and continuously monitored.
- Build strong partnerships with Legal, Security, Compliance, HR, IT, and Operations teams.
- Foster a security-first culture through training and awareness programs.
- Serve as a key point of contact for internal and external audits, customer inquiries, and global stakeholder engagement.
- Serve as lead for SCIF accreditation and COMSEC custodianship in accordance with classified security requirements.
- Lead innovation initiatives including: Development of AI Risk Frameworks tailored to LeoLabsâ environment.
- Preparation for Quantum Computing and Post-Quantum Cryptography adoption.
- Implementation and ongoing maturity of Zero Trust principles across the enterprise.
Benefits
- Global workforce: flexible remote/hybrid opportunities
- Work on complex, meaningful missions with real-world impact
- Unlimited paid time off for most roles
- Competitive salary and equity packages
- Comprehensive health, dental, and vision coverage
- Access to the forefront of commercial space operations and defense innovation
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Number of Employees
101-250 employees
