Principal Cyber Compliance Analyst

Scaled Composites, LLC

107k - 161k USD/year

Office

Mojave, CA, US

Full Time

The Principal Cyber Compliance Analyst is responsible for leading the organization's Governance, Risk, and Compliance initiatives. This role focuses on maintaining CMMC Level 2 and NIST 800-171 compliance as well as conducting risk assessments, leading internal audits, and developing policies and procedures that align compliance with business objectives.

  • Category: IT
  • Location: Mojave, CA
  • Citizenship Required: United States Citizenship
  • Clearance Type: None
  • Schedule: 9/80 Work Schedule
  • Benefits: 100% Paid Benefits and 401k Matching 

Summary:

Founded by legendary aircraft designer Burt Rutan, Scaled Composites is a 40+ year-old aerospace company continually working to push boundaries, prove out ideas, and influence the future. We are a rapid prototyping and manufacturing facility, designing, building, and testing proof-of-concept and prototype vehicles. We have flown an average of one new aircraft type per year over our 41-year history such as Proteus, GlobalFlyer, SpaceShipOne, Model 401, and Stratolaunch.

Duties/Responsibilities:

  • Lead governance, risk, and compliance efforts related to NIST 800-171, CMMC Level 2, and CIS controls, ensuring ongoing alignment with regulatory and contractual obligations.
  • Develop, maintain, and enforce internal information security policies and procedures.
  • Collaborate with other departments and stakeholders to ensure compliance requirements are met throughout business processes.
  • Perform risk assessments and gap analyses, recommending remediation strategies to reduce organizational risk.
  • Prepare documentation, evidence, and reports for audits, assessments, and customer requests.
  • Generate POA&Ms where necessary and see them through to closure.
  • Monitor evolving regulatory and compliance landscapes (e.g., CMMC updates, NIST revisions) and advise leadership on implications.
  • Participate in tabletop exercises to clarify roles and responsibilities during incidents, ensuring a swift execution of an established incident response plan.
  • Drive continuous improvement of the organization’s GRC program by identifying deficiencies and strengthening adherence to policies and procedures. 

Required Skills/Abilities:

  • Strong working knowledge of: NIST 800-171 controls and assessment methodology, CMMC certification framework and CIS Control implementation/benchmarking.
  • Working knowledge of creating information security policies, standards, and procedures.
  • Ability to manage multiple projects simultaneously under frequently changing priorities. 
  • Experience conducting risk assessments, audits, and policy reviews.
  • Good organizational skills and attention to detail.
  • Good time management skills with a proven ability to meet deadlines.
  • Ability to perform effectively in a high-paced and dynamic environment.
  • Proficient with Microsoft Office Suite or related software. 
  • Ability to obtain and maintain a DoD Secret Clearance

Education And Experience:

  • Bachelor’s degree in a related discipline with 5 years of experience; or 9 years of experience in lieu of a degree
  • Relevant professional or higher-level certification such as CISSP, GSP, CRISC, or CISA is required, or the ability to obtain one within 6 months of hire.

Essential Functions:

  • Requires mobility and the ability to bend and reach 
  • May infrequently require lifting, carrying, pushing, and/or pulling materials weighing up to 30 pounds. 
  • Manual dexterity and coordination are required; repetitive hand motion (e.g., to operate computer keyboard) 
  • Vision at close distances and the ability to adjust focus for prolonged periods (i.e., computer screen)
  • Ability to remain sedentary or stationary for prolonged periods of time 
  • Ability to write for extended periods of time 
  • Ability to work in an office setting for prolonged periods of time
  • May be asked to carry up to 20 lbs. up and down a flight of stairs on a regular basis such as files, books, office equipment, etc. 
  • Occasional reaching overhead and lifting up to 15 pounds
  • Ability to converse and communicate information with others
  • Occasional exposure to chemical vapors and/or fumes in low non-hazardous concentration
  • Potential to climb up and down steps on a daily basis
  • Must be able to read and understand SDS

October 2, 2025
