York Space Systems was founded to radically improve spacecraft affordability and reliability, transforming and enabling next-generation space mission operations worldwide. Today, York is one of the most innovative aerospace companies, specializing in end-to-end customer solutions and the rapid production of spacecraft platforms. York's complete Space Segment Solution includes spacecraft production, payload integration, system integration & test, launch services, ground segment services, and mission operations, enabling customers to leverage York's existing technology solutions to get to orbit rapidly and responsively. We're looking to expand our team across the board.
Position Summary
York Space Systems is seeking a Senior Cyber Risk & Compliance Specialist to support and mature the company's cybersecurity governance, risk, and compliance programs. This individual will serve as a senior member of the Cybersecurity organization and play a critical role in driving CMMC Level 2 certification readiness, enterprise cyber risk management, audit support, third-party risk management, and cybersecurity governance initiatives.
This role requires an experienced cybersecurity professional capable of independently leading projects, collaborating with technical and business stakeholders, and translating regulatory and security requirements into practical, scalable solutions that support York's business objectives and national security mission.
Why Join York?
Opportunity to support one of the fastest-growing aerospace and defense companies in the industry
Direct impact on cybersecurity, compliance, and risk management initiatives supporting national security missions
Exposure to CMMC, NIST SP 800-171, GCC High, enterprise cybersecurity governance, and AI governance programs
Opportunity to help build and mature a rapidly growing cybersecurity organization
TS/SCI clearance sponsorship for qualified cybersecurity personnel
Key Responsibilities
Lead CMMC Level 2 implementation, readiness activities, and assessment preparation
Own control testing, validation, and compliance monitoring activities
Manage and mature the Plan of Action & Milestones (POA&M) program
Conduct enterprise cyber risk assessments and facilitate risk management activities
Maintain and mature the enterprise cyber risk register
Perform control gap analyses and develop remediation recommendations
Lead cybersecurity vendor and third-party risk reviews
Support SOX IT General Controls (ITGC) compliance activities and audit engagements
Coordinate internal and external audit responses
Develop, maintain, and improve cybersecurity policies, standards, baselines, and procedures
Support enterprise AI governance and cybersecurity governance initiatives
Partner with IT, Engineering, Security Operations, Legal, HR, and business stakeholders to drive compliance and risk reduction efforts
Support governance and oversight of cybersecurity technologies and platforms including Microsoft GCC High, identity and access management solutions, endpoint security technologies, and compliance management platforms
Mentor junior team members and provide guidance on cybersecurity governance and compliance best practices
Independently manage cybersecurity projects and program initiatives from planning through execution
Required Qualifications
7+ years of cybersecurity, risk, compliance, audit, governance, or related experience
Experience supporting one or more cybersecurity frameworks such as CMMC, NIST SP 800-171, NIST Cybersecurity Framework (CSF), RMF, ISO 27001, FedRAMP, SOC 2, or SOX
Experience conducting risk assessments and control evaluations
Experience supporting audits, assessments, or regulatory compliance initiatives
Strong understanding of cybersecurity risk management principles
Excellent written and verbal communication skills
Ability to work effectively across technical and non-technical teams
Strong project management and organizational skills
Ability to obtain a US security clearance
Willingness to work onsite at our Greenwood Village, CO location
Preferred Qualifications
Experience in the following areas:
Supporting defense, aerospace, government contracting, or highly regulated environments
Supporting Microsoft GCC High environments
Hyperproof or similar GRC platforms
Supporting cybersecurity governance initiatives in cloud and hybrid enterprise environments
Supporting AI governance, data governance, or emerging technology governance programs
Preferred Certifications
CISSP
CRISC
CISA
CMMC CCP or CCA
Security+
Benefits
In addition to compensation, York Space Systems is proud to offer a comprehensive benefits package including medical, dental, and vision insurance along with PTO and a 401K.
How To Apply
Interested candidates are encouraged to apply by clicking the "Apply" link at the top of the page. York Space Systems will be accepting applications on a rolling basis until the position is closed. York Space Systems provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, military or protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Must have permanent authorization to work in the United States. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. YORK SPACE SYSTEMS IS AN EEO EMPLOYER.