IT Compliance Lead

Voyager is an innovative defense, national security and space technology company committed to advancing and delivering transformative, mission-critical solutions. We tackle the most complex challenges to unlock new frontiers for human progress, fortify national security, and protect critical assets to lead in the race for technological and operational superiority from ground to space. 

Forge the Future: Join Voyager Technologies 

The future belongs to those who build it. At Voyager Technologies, we’re building technologies that protect lives, expand frontiers and prepare us for what’s next. And we’re doing that with people who are wired to solve, build, adapt and lead. These roles are not for the faint of heart.  

You’ll help lay the foundation for humanity's future. Join a culture where innovation thrives, curiosity is rewarded, and impact is real. We’re a company of doers, thinkers and builders, united by purpose and grounded in reality. 

If you want to put your skills to work where the stakes are real and the mission is bigger than any one person, forge the future with Voyager. 

____________________________________________________________________________________ 

Job Summary: 

Voyager Technologies is seeking a detail-oriented, mission-driven IT Compliance / GRC Analyst to lead cybersecurity governance, regulatory compliance, and risk management activities across our space, aerospace, and defense programs.

This role ensures the organization can securely handle Controlled Unclassified Information and (CUI), ITAR/export-controlled data while maintaining continuous compliance with:

• NIST SP 800-171
• CMMC Level 2/3
• DFARS 252.204-7012
• ITAR / EAR Export Control
• NASA / DoD contract security clauses

You will partner with IT, engineering, program management, legal, and contracts teams to translate regulatory requirements into practical, auditable controls that enable mission delivery — not slow it down.

If you enjoy building order from complexity, preparing organizations for audits, and designing security programs that scale, you’ll thrive here.

Responsibilities: 

Governance & Compliance Program

• Own and maintain the organization’s cybersecurity compliance framework
• Map controls to:
• NIST 800-171
• CMMC practices
• DFARS clauses
• ITAR/EAR requirements
• Develop and maintain:
• System Security Plans (SSPs)
• POA&Ms
• Policies, standards, procedures
• Control evidence repositories
• Establish continuous monitoring processes

Audit & Assessment Readiness

• Lead preparation for:
• CMMC assessments (C3PAO)
• DCMA/DoD/NASA audits
• Prime contractor reviews
• Coordinate evidence collection and artifact management
• Track remediation plans and closure metrics
• Conduct internal mock audits and gap assessments
• Serve as primary liaison for assessors and government representatives

Risk Management

• Conduct enterprise and system-level risk assessments
• Maintain risk register and mitigation plans
• Perform impact analysis for new technologies and programs
• Evaluate supplier and subcontractor cybersecurity posture
• Support incident reporting obligations (DFARS 7012 timelines)

Data Protection & Export Control

• Ensure compliant handling of:
• CUI
• ITAR/EAR technical data
• Sensitive government information
• Define data classification and marking standards
• Support enclave design and segmentation strategies
• Advise teams on compliant collaboration (GCC High/Azure Gov, secure sharing)

Cross-Functional Partnership

• Work with:
• IT operations
• Security/SOC teams
• Engineering & DevOps
• Contracts & Legal
• Program Managers
• Integrate security requirements into new systems and proposals
• Support contract bids with compliance documentation

Training & Culture

• Deliver CUI/ITAR handling and compliance awareness training
• Coach system owners on control ownership
• Promote “audit ready every day” mindset
• Lead tabletop exercises and readiness drills

Required Qualifications: 

• High school diploma or equivalent
• 4–8+ years in cybersecurity, IT compliance, or GRC roles
• Experience supporting a regulated or defense contractor environment
• Hands-on knowledge of:
• NIST SP 800-171
• CMMC
• DFARS 252.204-7012
• ITAR/EAR or export controls
• Experience creating SSPs and POA&Ms
• Experience preparing for audits or formal assessments
• Strong documentation and evidence management skills
• Excellent communication and cross-functional collaboration
• U.S. Person status required (ITAR eligibility)
• Ability to obtain a security clearance

Preferred Qualifications: 

• Experience with:
  • Microsoft GCC High or Azure Government
  • FedRAMP or GovCloud environments
  • Supply chain cybersecurity risk management (SCRM)
  • Government proposals / contract compliance
• Experience using GRC tools (Archer, ServiceNow GRC, Drata, etc.)
• Background in aerospace, space systems, or DoD programs
• Certifications (nice to have)
  • CISM
  • CISSP
  • CRISC
  • CISA
  • CMMC RP/CCA/CCI
  • Security+

Please click “Apply” to submit your application. 

The salary range represents the base salary range for this position. Actual compensation will vary and may be above or below the range based on various factors. Those include but are not limited to location, experience, and performance.

Voyager offers a comprehensive, total compensation package, which includes competitive salary, a discretionary annual bonus plan, paid time off (PTO), a comprehensive health benefit package, retirement savings, wellness program, and various other benefits. When you join our team, you’re not just an employee; you become part of a dynamic community dedicated to innovation and excellence. 

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

Voyager is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.  

Minority/Female/Disabled/Veteran 

The statements contained in this job description are intended to describe the general content and requirements for performance of this job. It is not intended to be an exhaustive list of all job duties, responsibilities, and requirements. This job description is not an employment agreement or contract. Management has the exclusive right to alter the scope of work within the framework of this job description at any time without prior notice.