Mojave, CA, US
Principal Cyber Compliance Analyst

The Principal Cyber Compliance Analyst is responsible for leading the organization's Governance, Risk, and Compliance initiatives. This role focuses on maintaining CMMC Level 2 and NIST 800-171 compliance as well as conducting risk assessments, leading internal audits, and developing policies and procedures that align compliance with business objectives.

Category: IT

Location: Mojave, CA

Citizenship Required: United States Citizenship

Clearance Type: None

Schedule: 9/80 Work Schedule

Benefits: 100% Paid Benefits and 401k Matching 

 

Summary: 

Founded by legendary aircraft designer Burt Rutan, Scaled Composites is a 40+ year-old aerospace company continually working to push boundaries, prove out ideas, and influence the future. We are a rapid prototyping and manufacturing facility, designing, building, and testing proof-of-concept and prototype vehicles. We have flown an average of one new aircraft type per year over our 41-year history such as Proteus, GlobalFlyer, SpaceShipOne, Model 401, and Stratolaunch.

Duties/Responsibilities:

Lead governance, risk, and compliance efforts related to NIST 800-171, CMMC Level 2, and CIS controls, ensuring ongoing alignment with regulatory and contractual obligations.
Develop, maintain, and enforce internal information security policies and procedures.
Collaborate with other departments and stakeholders to ensure compliance requirements are met throughout business processes.
Perform risk assessments and gap analyses, recommending remediation strategies to reduce organizational risk.
Prepare documentation, evidence, and reports for audits, assessments, and customer requests.
Generate PO&M’s where necessary and see them through to closure.
Monitor evolving regulatory and compliance landscapes (e.g., CMMC updates, NIST revisions) and advise leadership on implications.
Participate in tabletop exercises to clarify roles and responsibilities during incidents, ensuring a swift execution of an established incident response plan.
Drive continuous improvement of the organization’s GRC program by identifying deficiencies and strengthening adherence to policies and procedures.

Required Skills/Abilities: 

Strong working knowledge of: NIST 800-171 controls and assessment methodology, CMMC certification framework and CIS Control implementation/benchmarking.
Working knowledge in creating information security policies, standards, and procedures.
Ability to manage multiple projects simultaneously under frequently changing priorities.
Experience conducting risk assessments, audits, and policy reviews.
Good organizational skills and attention to detail.
Good time management skills with a proven ability to meet deadlines.
Ability to perform effectively in a high-paced and dynamic environment.
Proficient with Microsoft Office Suite or related software.
Ability to obtain and maintain a DoD Secret Clearance.

Education and Experience:

Bachelor’s degree in a related discipline with 5 years' experience; or 9 years of experience in lieu of a degree.
Relevant professional or higher-level certification such as CISSP, GSP, CRISC, or CISA is required, or the ability to obtain within 6 months of hire.

Essential Functions: 

Requires mobility and the ability to bend and reach.
May infrequently require lifting, carrying, pushing, and/or pulling materials weighing up to 30 pounds.
Manual dexterity and coordination are required; repetitive hand motion (e.g., to operate computer keyboard).
Vision at close distances and the ability to adjust focus for prolonged periods (i.e., computer screen).
Ability to remain sedentary or stationary for prolonged periods of time.
Ability to write for extended periods of time.
Ability to work in an office setting for prolonged periods of time.
May be asked to carry up to 20 lbs. up and down a flight of stairs on a regular basis such as files, books, office equipment, etc.
Occasional reaching overhead and lifting up to 15 pounds.
Ability to converse and communicate information with others.
Occasional exposure to chemical vapors and/or fumes in low non-hazardous concentration.
Potential to climb up and down steps on a daily basis.
Must be able to read and understand SDS.