GRC Security Architect

At Stoke, we believe a thriving space economy will enable a vibrant, sustainable, and equitable future here on Earth. That is why we’re building Nova, our fully and rapidly reusable launch vehicle. Designed for daily flight, Nova tackles the core challenges of space transportation by reducing cost, increasing availability, and improving reliability. By radically lowering launch costs and increasing flight cadence, we’re helping create a truly scalable space industry.

Our team is mission-driven, collaborative, and empowered to take ownership of their work. If you want to work alongside some of the most dedicated and talented people on Earth, we’d love to have you join us.

Description

Reusable launch systems depend on security, compliance, and risk management that enable speed without compromising the mission. As a GRC Security Architect, you will own the security governance, risk, and compliance architecture for Stoke’s NOVA program as we build and scale a fully reusable launch vehicle.

This is a hands-on role with end-to-end ownership of how security requirements become practical, auditable, and scalable controls across the company. You will define and drive the policies, standards, control implementations, risk processes, and evidence systems that support frameworks such as NIST 800-171, NIST 800-53, CMMC, DFARS, CUI, ITAR, and other customer or regulatory requirements. You will work directly with SMEs across IT, security, software, infrastructure, engineering, manufacturing, legal, finance, and operations to translate complex obligations into controls that are clear, effective, and realistic for a fast-moving rocket company. You own the outcome, not just the checklist.

We are a small, highly motivated team. You will work shoulder-to-shoulder with engineers, system owners, business leaders, and operations teams to identify risk, design practical mitigations, prepare for audits and assessments, and build a security program that enables the company to move fast while protecting sensitive information and mission-critical systems.

You must be ready to stay focused, move quickly, self-direct, and learn on the fly.

Responsibilities

• Lead the design, implementation, and continuous improvement of the company’s governance, risk, and compliance program for our NOVA program

• Architect security and compliance controls that support a regulated aerospace environment, including systems that may process or support CUI, ITAR-controlled data, export-controlled information, proprietary engineering data, and other sensitive business information

• Own and mature the company’s risk management process, including risk identification, assessment, treatment planning, exception handling, control validation, and executive-level risk reporting

• Define, document, and maintain security policies, standards, procedures, control narratives, and implementation guidance aligned with frameworks such as NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, DFARS, FedRAMP-informed cloud security practices, and other applicable requirements

• Translate regulatory and contractual security requirements into practical, scalable technical and operational controls that can be implemented by IT, Engineering, Manufacturing, Software, Legal, Finance, and business teams

• Partner with IT and software engineering teams to design security controls that are effective, auditable, and compatible with fast-moving technical operations

• Develop and maintain key compliance artifacts, including control mappings, system security plans, control implementation statements, risk registers, POA&Ms, evidence repositories, audit responses, and executive summaries

• Lead internal readiness activities for audits, assessments, customer security reviews, and third-party compliance engagements

• Evaluate proposed systems, tools, vendors, cloud services, and business processes for security, compliance, data protection, and regulatory risk

• Provide security architecture guidance for sensitive systems, including identity and access management, logging and monitoring, endpoint protection, vulnerability management, network segmentation, secure cloud design, data handling, and secure software development practices

• Identify opportunities to automate evidence collection, control monitoring, compliance reporting, and risk tracking

• Serve as a senior advisor to technical and business leaders on security risk, compliance obligations, control tradeoffs, and practical implementation paths

• Perform additional duties as needed to support company security, compliance, and mission objectives

Qualifications

• 7+ years of experience in information security, security architecture, GRC, compliance engineering, infrastructure security, or related roles

• Exceptional understanding of IT and security architecture across applications, networks, servers, storage, identity systems, endpoint platforms, SaaS, cloud infrastructure, and hybrid environments

• Strong working knowledge of governance, risk, and compliance frameworks, including NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, and related security control models

• Ability to interpret regulatory, contractual, and framework requirements and translate them into actionable technical and operational controls

• Strong understanding of risk management practices, including risk assessment, risk treatment, exception management, compensating controls, and executive risk communication

• Experience building or maturing security documentation, including policies, standards, procedures, control implementation statements, SSPs, POA&Ms, risk registers, and audit evidence packages

• Strong analytical and problem-solving skills, with sound judgment when balancing security, compliance, business velocity, and operational practicality

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent practical experience

Preferred Qualifications

• Experience operating in regulated environments subject to NIST SP 800-171, CMMC, DFARS, NIST SP 800-53, FedRAMP, ISO 27001, SOC 2, CUI handling, ITAR, export control, aerospace, defense, or other government-driven security requirements

• Experience designing security and compliance programs for fast-growing organizations where processes, systems, and controls must be built while the business is scaling

• Experience supporting or preparing for CMMC, SOC 2, ISO 27001, government customer reviews, or other formal security assessments

• Experience with secure software development lifecycle practices, including threat modeling, secure code review processes, CI/CD security controls, software supply chain risk management, and vulnerability remediation workflows

• Professional security certifications such as CISSP, CISM, CISA, GIAC, or equivalent practical experience

• Prior experience in a startup, aerospace, defense, manufacturing, engineering, or highly technical environment

Benefits

• Equity – We know that our employees are the reason we succeed. To give everyone a stake in our future, we are pleased to offer equity in the form of stock options to all regular, full-time employees.

• Comprehensive benefits program including subsidized medical, dental, and vision insurance

• Company-paid life and disability insurance

• 401(k) plan with employer match

• 4 weeks’ Paid Time Off

• Holidays – 10 days (including an end-of-year closure)

• Paid Family/Parental Leave

• On-site gym or monthly wellness stipend (depending on location)

• Dog friendly offices!

Compensation

Target Levels:

• Level 4 Range: $160,230 - $240,450

• Level 5 Range: $192,360 - $288,435

Our job posts are intentionally written to attract a wide variety of experience levels, and we make decisions about the right fit on a per-candidate basis.

Your actual level and base salary will be decided based on your specific experience and skill level.

ITAR Requirements

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Equal Opportunity

The Company is an Equal Opportunity Employer, including with respect to disability and veteran status. It is committed to compliance with all equal opportunity laws, including the Immigration and Nationality Act (INA) and Title VII. It does not discriminate on the basis of nationality, race, citizenship, immigration status, or any other protected class when it comes to employment practices, including hiring.

Employment at the Company is contingent upon satisfactory completion of reference and background checks, and on your ability to prove your identity and authorization to work in the U.S. for the Company. Employees must comply with the United States Citizenship and Immigration Services employment verification requirements, and, therefore, they must complete an Employment Eligibility Verification Form I-9 at the start of employment and re-verify authorization to work periodically.

Separate from this I-9 process, this position entails access to certain technology and technical data that is restricted under U.S. export control laws and regulations. Employment or continued employment may be conditioned on your legal authorization to work with or have access to export control materials as necessary to perform your job.

Candidate Rights & Accommodations

If you require a reasonable accommodation to complete the application or participate in the interview process, please contact [email protected]. Requests will be handled in accordance with applicable laws. Please do not include medical or other confidential information in your initial request.

For more information about your rights, please refer to the "Know Your Rights" notice here.

E-Verify

Stoke Space uses E-Verify to confirm the identity and employment eligibility of all new hires.