Description

Reusable launch systems depend on security, compliance, and risk management that enable speed without compromising the mission. As a GRC Security Architect, you will own the security governance, risk, and compliance architecture for Stoke’s NOVA program as we build and scale a fully reusable launch vehicle.

This is a hands-on role with end-to-end ownership of how security requirements become practical, auditable, and scalable controls across the company. You will define and drive the policies, standards, control implementations, risk processes, and evidence systems that support frameworks such as NIST 800-171, NIST 800-53, CMMC, DFARS, CUI, ITAR, and other customer or regulatory requirements. You will work directly with SMEs across IT, security, software, infrastructure, engineering, manufacturing, legal, finance, and operations to translate complex obligations into controls that are clear, effective, and realistic for a fast-moving rocket company. You own the outcome, not just the checklist.

We are a small, highly motivated team. You will work shoulder-to-shoulder with engineers, system owners, business leaders, and operations teams to identify risk, design practical mitigations, prepare for audits and assessments, and build a security program that enables the company to move fast while protecting sensitive information and mission-critical systems.

You must be ready to stay focused, move quickly, self-direct, and learn on the fly.

Responsibilities

• Lead the design, implementation, and continuous improvement of the company’s governance, risk, and compliance program for our NOVA program
• Architect security and compliance controls that support a regulated aerospace environment, including systems that may process or support CUI, ITAR-controlled data, export-controlled information, proprietary engineering data, and other sensitive business information
• Own and mature the company’s risk management process, including risk identification, assessment, treatment planning, exception handling, control validation, and executive-level risk reporting
• Define, document, and maintain security policies, standards, procedures, control narratives, and implementation guidance aligned with frameworks such as NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, DFARS, FedRAMP-informed cloud security practices, and other applicable requirements
• Translate regulatory and contractual security requirements into practical, scalable technical and operational controls that can be implemented by IT, Engineering, Manufacturing, Software, Legal, Finance, and business teams
• Partner with IT and software engineering teams to design security controls that are effective, auditable, and compatible with fast-moving technical operations
• Develop and maintain key compliance artifacts, including control mappings, system security plans, control implementation statements, risk registers, POA&Ms, evidence repositories, audit responses, and executive summaries
• Lead internal readiness activities for audits, assessments, customer security reviews, and third-party compliance engagements
• Evaluate proposed systems, tools, vendors, cloud services, and business processes for security, compliance, data protection, and regulatory risk
• Provide security architecture guidance for sensitive systems, including identity and access management, logging and monitoring, endpoint protection, vulnerability management, network segmentation, secure cloud design, data handling, and secure software development practices
• Identify opportunities to automate evidence collection, control monitoring, compliance reporting, and risk tracking
• Serve as a senior advisor to technical and business leaders on security risk, compliance obligations, control tradeoffs, and practical implementation paths
• Perform additional duties as needed to support company security, compliance, and mission objectives

Qualifications

• 7+ years of experience in information security, security architecture, GRC, compliance engineering, infrastructure security, or related roles
• Exceptional understanding of IT and security architecture across applications, networks, servers, storage, identity systems, endpoint platforms, SaaS, cloud infrastructure, and hybrid environments
• Strong working knowledge of governance, risk, and compliance frameworks, including NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, and related security control models
• Ability to interpret regulatory, contractual, and framework requirements and translate them into actionable technical and operational controls
• Strong understanding of risk management practices, including risk assessment, risk treatment, exception management, compensating controls, and executive risk communication
• Experience building or maturing security documentation, including policies, standards, procedures, control implementation statements, SSPs, POA&Ms, risk registers, and audit evidence packages
• Strong analytical and problem-solving skills, with sound judgment when balancing security, compliance, business velocity, and operational practicality
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent practical experience

Preferred Qualifications

• Experience operating in regulated environments subject to NIST SP 800-171, CMMC, DFARS, NIST SP 800-53, FedRAMP, ISO 27001, SOC 2, CUI handling, ITAR, export control, aerospace, defense, or other government-driven security requirements
• Experience designing security and compliance programs for fast-growing organizations where processes, systems, and controls must be built while the business is scaling
• Experience supporting or preparing for CMMC, SOC 2, ISO 27001, government customer reviews, or other formal security assessments
• Experience with secure software development lifecycle practices, including threat modeling, secure code review processes, CI/CD security controls, software supply chain risk management, and vulnerability remediation workflows
• Professional security certifications such as CISSP, CISM, CISA, GIAC, or equivalent practical experience
• Prior experience in a startup, aerospace, defense, manufacturing, engineering, or highly technical environment

Benefits

• Equity – We know that our employees are the reason we succeed. To give everyone a stake in our future, we are pleased to offer equity in the form of stock options to all regular, full-time employees.
• Comprehensive benefits program including subsidized medical, dental, and vision insurance
• Company-paid life and disability insurance
• 401(k) plan with employer match
• 4 weeks’ Paid Time Off
• Holidays – 10 days (including an end-of-year closure)
• Paid Family/Parental Leave
• On-site gym or monthly wellness stipend (depending on location)
• Dog friendly offices!

Compensation

Target Levels:

• Level 4 Range: $160,230 - $240,450
• Level 5 Range: $192,360 - $288,435

Our job posts are intentionally written to attract a wide variety of experience levels, and we make decisions about the right fit on a per-candidate basis.

Your actual level and base salary will be decided based on your specific experience and skill level.