🛠 Tech Stack

💼 About This Role

You'll own and drive Varda's CMMC Level 2 certification effort, coordinating across security and IT teams. Your work will directly enable successful C3PAO assessment and sustain compliance posture beyond it.

🎯 What You'll Do

• Own System Security Plan (SSP) end-to-end with evidence mapping
• Maintain Plan of Action Milestones (POA&M) and drive remediation
• Coordinate evidence artifact collection across security, IT, and HR
• Serve as primary liaison to C3PAO assessors throughout assessment

📋 Requirements

• 5+ years in GRC, compliance, or security program management
• Direct hands-on experience with CMMC Level 2 certification
• Experience managing C3PAO assessments as primary GRC lead

✨ Nice to Have

• Familiarity with NIST 800-171 control framework
• Experience with CrowdStrike, Zscaler, ThreatLocker, Darktrace, Okta
• Background in aerospace or defense industry compliance

🎁 Benefits & Perks

• 🏖️ Unlimited PTO
• 💰 Equity grants
• 🏥 Health, dental, and vision insurance
• 🍱 Daily lunch provided
• 🚀 Opportunity to shape space infrastructure