GRC Security Architect

Stoke Space•Kent, WA

1d•Onsite

About The Position

At Stoke, we believe a thriving space economy will enable a vibrant, sustainable, and equitable future here on Earth. That is why we’re building Nova, our fully and rapidly reusable launch vehicle. Designed for daily flight, Nova tackles the core challenges of space transportation by reducing cost, increasing availability, and improving reliability. By radically lowering launch costs and increasing flight cadence, we’re helping create a truly scalable space industry. Our team is mission-driven, collaborative, and empowered to take ownership of their work. If you want to work alongside some of the most dedicated and talented people on Earth, we’d love to have you join us. Description Reusable launch systems depend on security, compliance, and risk management that enable speed without compromising the mission. As a GRC Security Architect, you will own the security governance, risk, and compliance architecture for Stoke’s NOVA program as we build and scale a fully reusable launch vehicle. This is a hands-on role with end-to-end ownership of how security requirements become practical, auditable, and scalable controls across the company. You will define and drive the policies, standards, control implementations, risk processes, and evidence systems that support frameworks such as NIST 800-171, NIST 800-53, CMMC, DFARS, CUI, ITAR, and other customer or regulatory requirements. You will work directly with SMEs across IT, security, software, infrastructure, engineering, manufacturing, legal, finance, and operations to translate complex obligations into controls that are clear, effective, and realistic for a fast-moving rocket company. You own the outcome, not just the checklist. We are a small, highly motivated team. You will work shoulder-to-shoulder with engineers, system owners, business leaders, and operations teams to identify risk, design practical mitigations, prepare for audits and assessments, and build a security program that enables the company to move fast while protecting sensitive information and mission-critical systems. You must be ready to stay focused, move quickly, self-direct, and learn on the fly.

Requirements

7+ years of experience in information security, security architecture, GRC, compliance engineering, infrastructure security, or related roles
Exceptional understanding of IT and security architecture across applications, networks, servers, storage, identity systems, endpoint platforms, SaaS, cloud infrastructure, and hybrid environments
Strong working knowledge of governance, risk, and compliance frameworks, including NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, and related security control models
Ability to interpret regulatory, contractual, and framework requirements and translate them into actionable technical and operational controls
Strong understanding of risk management practices, including risk assessment, risk treatment, exception management, compensating controls, and executive risk communication
Experience building or maturing security documentation, including policies, standards, procedures, control implementation statements, SSPs, POA&Ms, risk registers, and audit evidence packages
Strong analytical and problem-solving skills, with sound judgment when balancing security, compliance, business velocity, and operational practicality
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent practical experience

Nice To Haves

Experience operating in regulated environments subject to NIST SP 800-171, CMMC, DFARS, NIST SP 800-53, FedRAMP, ISO 27001, SOC 2, CUI handling, ITAR, export control, aerospace, defense, or other government-driven security requirements
Experience designing security and compliance programs for fast-growing organizations where processes, systems, and controls must be built while the business is scaling
Experience supporting or preparing for CMMC, SOC 2, ISO 27001, government customer reviews, or other formal security assessments
Experience with secure software development lifecycle practices, including threat modeling, secure code review processes, CI/CD security controls, software supply chain risk management, and vulnerability remediation workflows
Professional security certifications such as CISSP, CISM, CISA, GIAC, or equivalent practical experience
Prior experience in a startup, aerospace, defense, manufacturing, engineering, or highly technical environment

Responsibilities

Lead the design, implementation, and continuous improvement of the company’s governance, risk, and compliance program for our NOVA program
Architect security and compliance controls that support a regulated aerospace environment, including systems that may process or support CUI, ITAR-controlled data, export-controlled information, proprietary engineering data, and other sensitive business information
Own and mature the company’s risk management process, including risk identification, assessment, treatment planning, exception handling, control validation, and executive-level risk reporting
Define, document, and maintain security policies, standards, procedures, control narratives, and implementation guidance aligned with frameworks such as NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, DFARS, FedRAMP-informed cloud security practices, and other applicable requirements
Translate regulatory and contractual security requirements into practical, scalable technical and operational controls that can be implemented by IT, Engineering, Manufacturing, Software, Legal, Finance, and business teams
Partner with IT and software engineering teams to design security controls that are effective, auditable, and compatible with fast-moving technical operations
Develop and maintain key compliance artifacts, including control mappings, system security plans, control implementation statements, risk registers, POA&Ms, evidence repositories, audit responses, and executive summaries
Lead internal readiness activities for audits, assessments, customer security reviews, and third-party compliance engagements
Evaluate proposed systems, tools, vendors, cloud services, and business processes for security, compliance, data protection, and regulatory risk
Provide security architecture guidance for sensitive systems, including identity and access management, logging and monitoring, endpoint protection, vulnerability management, network segmentation, secure cloud design, data handling, and secure software development practices
Identify opportunities to automate evidence collection, control monitoring, compliance reporting, and risk tracking
Serve as a senior advisor to technical and business leaders on security risk, compliance obligations, control tradeoffs, and practical implementation paths
Perform additional duties as needed to support company security, compliance, and mission objectives

Benefits

Equity in the form of stock options
Comprehensive benefits program including subsidized medical, dental, and vision insurance
Company-paid life and disability insurance
401(k) plan with employer match
4 weeks’ Paid Time Off
10 holidays (including an end-of-year closure)
Paid Family/Parental Leave
On-site gym or monthly wellness stipend (depending on location)
Dog friendly offices!

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume