IT Compliance Lead
About The Position
Voyager Technologies is seeking a detail-oriented, mission-driven IT Compliance / GRC Analyst to lead cybersecurity governance, regulatory compliance, and risk management activities across our space, aerospace, and defense programs. This role ensures the organization can securely handle Controlled Unclassified Information and (CUI), ITAR/export-controlled data while maintaining continuous compliance with: NIST SP 800-171, CMMC Level 2/3, DFARS 252.204-7012, ITAR / EAR Export Control, NASA / DoD contract security clauses. You will partner with IT, engineering, program management, legal, and contracts teams to translate regulatory requirements into practical, auditable controls that enable mission delivery — not slow it down. If you enjoy building order from complexity, preparing organizations for audits, and designing security programs that scale, you’ll thrive here.
Requirements
- High school diploma or equivalent
- 4–8+ years in cybersecurity, IT compliance, or GRC roles
- Experience supporting a regulated or defense contractor environment
- Hands-on knowledge of: NIST SP 800-171, CMMC, DFARS 252.204-7012, ITAR/EAR or export controls
- Experience creating SSPs and POA&Ms
- Experience preparing for audits or formal assessments
- Strong documentation and evidence management skills
- Excellent communication and cross-functional collaboration
- U.S. Person status required (ITAR eligibility)
- Ability to obtain a security clearance
Nice To Haves
- Experience with: Microsoft GCC High or Azure Government, FedRAMP or GovCloud environments, Supply chain cybersecurity risk management (SCRM), Government proposals / contract compliance
- Experience using GRC tools (Archer, ServiceNow GRC, Drata, etc.)
- Background in aerospace, space systems, or DoD programs
- Certifications (nice to have): CISM, CISSP, CRISC, CISA, CMMC RP/CCA/CCI, Security+
Responsibilities
- Own and maintain the organization’s cybersecurity compliance framework
- Map controls to: NIST 800-171, CMMC practices, DFARS clauses, ITAR/EAR requirements
- Develop and maintain: System Security Plans (SSPs), POA&Ms, Policies, standards, procedures, Control evidence repositories
- Establish continuous monitoring processes
- Lead preparation for: CMMC assessments (C3PAO), DCMA/DoD/NASA audits, Prime contractor reviews
- Coordinate evidence collection and artifact management
- Track remediation plans and closure metrics
- Conduct internal mock audits and gap assessments
- Serve as primary liaison for assessors and government representatives
- Conduct enterprise and system-level risk assessments
- Maintain risk register and mitigation plans
- Perform impact analysis for new technologies and programs
- Evaluate supplier and subcontractor cybersecurity posture
- Support incident reporting obligations (DFARS 7012 timelines)
- Ensure compliant handling of: CUI, ITAR/EAR technical data, Sensitive government information
- Define data classification and marking standards
- Support enclave design and segmentation strategies
- Advise teams on compliant collaboration (GCC High/Azure Gov, secure sharing)
- Work with: IT operations, Security/SOC teams, Engineering & DevOps, Contracts & Legal, Program Managers
- Integrate security requirements into new systems and proposals
- Support contract bids with compliance documentation
- Deliver CUI/ITAR handling and compliance awareness training
- Coach system owners on control ownership
- Promote “audit ready every day” mindset
- Lead tabletop exercises and readiness drills
Benefits
- competitive salary
- discretionary annual bonus plan
- paid time off (PTO)
- comprehensive health benefit package
- retirement savings
- wellness program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
High school or GED
