Senior Cybersecurity Compliance Specialist

Senior Cybersecurity Compliance Specialist – NASA Mission Cloud

Overview
The Senior Cybersecurity Compliance Specialist for NASA Mission Cloud is responsible for leading governance, risk, and compliance (GRC) efforts to ensure mission-critical cloud systems meet stringent federal cybersecurity standards. This role drives the implementation and continuous monitoring of security controls across cloud environments supporting spaceflight, research, and data operations. The specialist partners with engineering, security, and mission teams to maintain compliance with frameworks such as NIST, FedRAMP, and FISMA while enabling secure innovation in highly complex, high-stakes environments.

Key Responsibilities

• Lead compliance initiatives for cloud-based mission systems across AWS, Azure, and/or GCP environments
• Interpret and implement federal cybersecurity frameworks (e.g., NIST 800-53, FedRAMP, FISMA) into actionable controls
• Manage Authority to Operate (ATO) processes, including documentation, control validation, and accreditation support
• Develop and maintain System Security Plans (SSPs), POA&Ms (Plans of Action & Milestones), and other compliance artifacts
• Conduct risk assessments, gap analyses, and continuous monitoring activities
• Collaborate with security engineers and cloud teams to ensure proper implementation of technical controls
• Coordinate internal and external audits, assessments, and compliance reviews
• Track and remediate vulnerabilities in alignment with federal and agency timelines
• Establish governance processes, policies, and procedures to support ongoing compliance
• Provide guidance on secure cloud architecture and regulatory requirements
• Report compliance status, risks, and metrics to leadership and stakeholders
• Support data protection, privacy requirements, and system categorization efforts

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, or related field (or equivalent experience)
• 7 years of experience in cybersecurity compliance, GRC, or information assurance
• Strong knowledge of federal frameworks (NIST 800-53, FedRAMP, FISMA, RMF)
• Experience supporting ATO processes and system accreditation
• Familiarity with cloud platforms (AWS, Azure, or GCP) and cloud security controls
• Experience developing compliance documentation (SSPs, POA&Ms, security policies)
• Understanding of risk management, vulnerability management, and continuous monitoring
• Strong communication skills for working with technical and non-technical stakeholders

Preferred Qualifications

• Experience supporting aerospace, defense, or federal government environments
• Certifications such as CISSP, CISM, CRISC, or Certified Authorization Professional (CAP)
• Experience with automated compliance and GRC tools
• Knowledge of Zero Trust Architecture and cloud-native security services
• Experience with data classification, privacy controls, and sensitive data handling
• Active or eligible for U.S. security clearance

Core Competencies

• Governance, Risk & Compliance (GRC)
• Federal Security Frameworks & RMF
• Cloud Compliance (AWS, Azure, GCP)
• Audit & Assessment Management
• Risk Analysis & Mitigation
• Policy Development & Documentation
• Continuous Monitoring
• Stakeholder Communication & Leadership

Benefits

Navteca offers a comprehensive benefits package, including:

• Medical Insurance
• Dental Insurance
• Life and AD&D Insurance
• Short-Term and Long-Term Disability (STD/LTD)
• 401(k) Retirement Plan
• Paid Vacation
• Paid Holidays
• Paid Sick Leave
• Comp/Flex Time