Senior Cyber Risk & Compliance Specialist
About The Position
York Space Systems is seeking a Senior Cyber Risk & Compliance Specialist to support and mature the company's cybersecurity governance, risk, and compliance programs. This individual will serve as a senior member of the Cybersecurity organization and play a critical role in driving CMMC Level 2 certification readiness, enterprise cyber risk management, audit support, third-party risk management, and cybersecurity governance initiatives. This role requires an experienced cybersecurity professional capable of independently leading projects, collaborating with technical and business stakeholders, and translating regulatory and security requirements into practical, scalable solutions that support York's business objectives and national security mission.
Requirements
- 7+ years of cybersecurity, risk, compliance, audit, governance, or related experience
- Experience supporting one or more cybersecurity frameworks such as CMMC, NIST SP 800-171, NIST Cybersecurity Framework (CSF), RMF, ISO 27001, FedRAMP, SOC 2, or SOX
- Experience conducting risk assessments and control evaluations
- Experience supporting audits, assessments, or regulatory compliance initiatives
- Strong understanding of cybersecurity risk management principles
- Excellent written and verbal communication skills
- Ability to work effectively across technical and non-technical teams
- Strong project management and organizational skills
- Ability to obtain a US security clearance
- Willingness to work onsite at our Greenwood Village, CO location
- US Citizenship
Nice To Haves
- Supporting defense, aerospace, government contracting, or highly regulated environments
- Supporting Microsoft GCC High environments
- Hyperproof or similar GRC platforms
- Supporting cybersecurity governance initiatives in cloud and hybrid enterprise environments
- Supporting AI governance, data governance, or emerging technology governance programs
- CISSP
- CRISC
- CISA
- CMMC CCP or CCA
- Security+
Responsibilities
- Lead CMMC Level 2 implementation, readiness activities, and assessment preparation
- Own control testing, validation, and compliance monitoring activities
- Manage and mature the Plan of Action & Milestones (POA&M) program
- Conduct enterprise cyber risk assessments and facilitate risk management activities
- Maintain and mature the enterprise cyber risk register
- Perform control gap analyses and develop remediation recommendations
- Lead cybersecurity vendor and third-party risk reviews
- Support SOX IT General Controls (ITGC) compliance activities and audit engagements
- Coordinate internal and external audit responses
- Develop, maintain, and improve cybersecurity policies, standards, baselines, and procedures
- Support enterprise AI governance and cybersecurity governance initiatives
- Partner with IT, Engineering, Security Operations, Legal, HR, and business stakeholders to drive compliance and risk reduction efforts
- Support governance and oversight of cybersecurity technologies and platforms including Microsoft GCC High, identity and access management solutions, endpoint security technologies, and compliance management platforms
- Mentor junior team members and provide guidance on cybersecurity governance and compliance best practices
- Independently manage cybersecurity projects and program initiatives from planning through execution
Benefits
- medical
- dental
- vision insurance
- PTO
- 401K
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
