Infosec Engineering & GRC Manager

Position Summary

Slingshot Aerospace is seeking a hands-on, technical engineer focused on Information Security & GRC Manager to protect the systems, cloud infrastructure, data, and intellectual property that power our mission to make space safer, smarter, and more connected. This role blends information security engineering, platform and systems ownership, cloud and identity architecture, and governance, risk, and compliance (GRC) while partnering closely with IT and Engineering on day-to-day operations. You will serve as the senior technical escalation point for Information Security and IT, own and operate core security platforms, strengthen Zero Trust and identity controls, lead incident response, drive automation, maintain continuous audit readiness, and lead Slingshot's security awareness training program.

Information Security Engineering & IT Partnership

• Act as the senior escalation point for Information Security, GRC, and IT across identity, endpoint, network, cloud, and SaaS ecosystems.
• Partner with IT on joiner / mover / leaver (JML) lifecycle operations, secure configurations, patch management, device compliance, and SaaS administration.
• Lead engineering projects including security platform buildouts, integrations, migrations, and modernization efforts.
• Maintain runbooks, SOPs, hardening guides, operational baselines, and technical documentation aligned with CMMC 2.0, NIST 800-171, ISO 27001, SOC 2, and internal governance.
• Provide security architecture and design guidance to Engineering, Product, Data, and Operations teams.
• Deliver regular security metrics, risk posture reporting, and compliance status updates to leadership and customers.

Platform Ownership & Zero Trust Architecture

Security Operations & Automation

Data Security & AI Governance

Governance, Risk & Compliance (GRC)

You will own compliance across CMMC 2.0, NIST 800-171, ISO 27001 and other frameworks as needed : SOC 2, Cyber Essentials Plus, GDPR, and customer-required frameworks. Maintain SSPs, POA&Ms, diagrams, inventories, control mappings, risk assessments, policies, and audit evidence. Use Vanta and Paramify for continuous monitoring and evidence readiness. Maintain submissions and scoring in SPRS and eMASS. Lead vendor and third-party risk management including assessments and supply chain documentation. Partner with Sales, Growth, Legal, and Customer teams for RFIs, RFPs, questionnaires, and assurance activities.

Security Awareness & Training

Basic Qualifications

Preferred Qualifications

Why Slingshot

Slingshot Aerospace builds technology used for mission-critical decisions in national security, defense, and space operations. As the Infosec Engineering & GRC Manager, you will shape the systems, controls, engineering practices, and compliance frameworks that protect Slingshot's global mission.

Location, Clearance & Compensation

US-based Candidates : we are currently only able to hire residents of the following U.S. states : AZ, CA, CO, DC, FL, GA, HI, IL, IN, KS, MD, MA, MI, MN, MO, MT, NV, NJ, NM, NY, NC, OR, RI, TN, TX, UT, VT, VA, WA, WV, and WI. We are unable to consider candidates residing in other U.S. states at this time.

Internationally-based Candidates : we are currently only able to hire residents of the following locations : United Kingdom. We are unable to consider candidates residing in other countries at this time.

Equity, Diversity & Inclusion are key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences, and backgrounds, who share a passion for creating a safer, more connected world. Diversity not only includes race and gender identity, but also national origin, citizenship, sex, color, veteran status, disability, genetic information, or any other protected characteristic that is part of one's identity. All of our employees' points of view are key to our success, and we embrace individuality.