Job Requirements
Remote Arlington, VA
Secret Polygraph not specified
Senior Level Career (10+ yrs experience)
$160,000 - $190,000
Job Description
SG2 Recruiting is partnering with Wind RiverX to identify an experienced Information Systems Security Engineer / Manager who thrives at the intersection of cybersecurity, compliance, secure systems engineering, and enterprise governance.
You'll be joining a rapidly growing defense technology organization supporting some of the nation's most critical missions. Reporting directly to the Senior Director of Compliance, you'll play an active role in building an enterprise cybersecurity program that enable secure innovation while ensuring compliance with Department of Defense, federal, and international security standards.
The ideal candidate has hands-on experience supporting highly regulated organizations—particularly FOCI-mitigated environments—and enjoys working alongside engineering, IT, security, and executive leadership to build scalable cybersecurity programs from the ground up.
What You Will Be Doing:
Lead Governance, Risk & Compliance (GRC)
Developing and maintaining enterprise cybersecurity governance programs
Driving compliance with ISO 27001, NIST 800-171, CMMC, RMF, SOX, GDPR, NIS2, TISAX, and related regulatory frameworksCreating and maintaining cybersecurity policies, standards, procedures, and governance documentation
Developing System Security Plans (SSPs), Electronic Communications Plans (ECPs), and Plans of Action & Milestones (POA&Ms)
Partnering with control owners to manage risks, exceptions, and continuous compliance improvements
Drive Enterprise Security Programs
Conducting cybersecurity risk assessments
Monitoring security controls and regulatory compliance
Supporting secure systems architecture and enterprise network security initiatives
Collaborating with engineering teams on secure identity management, authentication, authorization, and access control
Supporting secure cloud and hybrid infrastructure environments
Lead Audit Readiness
Preparing the organization for internal audits, customer assessments, and regulatory reviews
Coordinating audit evidence collection across cross-functional teams
Supporting CMMC assessments and RMF accreditation activities
Maintaining audit-ready documentation and cybersecurity artifacts
Strengthen Enterprise Resilience
Leading Business Impact Assessments (BIAs)
Maintaining business continuity and disaster recovery programs
Conducting tabletop exercises
Developing cyber incident response and continuity playbooks
Manage Third-Party Cybersecurity Risk
Performing vendor cybersecurity assessments
Evaluating supplier security documentation
Tracking remediation activities
Supporting cybersecurity contract reviews and right-to-audit requirements
Strengthening supply chain security posture
Partner Across the Business
Collaborating with Architecture, Engineering, Product Security, IT, and executive leadership
Supporting Government Security Committee initiatives
Delivering executive briefings on cybersecurity posture and organizational risk
Promoting cybersecurity awareness and role-based training programs
What You Need:
U.S. Citizenship and ability to obtain / maintain a Secret Clearance
Seven (7) or more years of cybersecurity, information assurance, GRC, compliance, or audit experience
Experience supporting DoD contractors, federal agencies, FOCI-mitigated organizations, or other highly regulated environments
Experience developing enterprise cybersecurity governance programs
Experience developing and maintaining SSPs, ECPs, and POA&Ms
Working knowledge of: ISO 2700, NIST 800-171, CMMC, RMF, SOX, GDPR, TISAX
Experience with cybersecurity compliance platforms and GRC tools
Strong technical writing, documentation, and communication skills
Ability to communicate effectively with executives, auditors, customers, and technical teams
Ability to meet with team members in Washington, DC Metro office monthly or as needed.
It's a Plus If You Have This:
Active Secret Clearance
Experience supporting FOCI-mitigated organizations
Experience establishing cybersecurity programs for newly formed organizations
Secure enterprise architecture experience
Enterprise networking expertise
SOC, SIEM, and SOAR strategy experience
Vendor Risk Management experience
Supply chain cybersecurity experience
Business continuity and disaster recovery leadership
Technical Operations Center experience
Experience with: Splunk, Nessus Security Center, WebInspect, Xacta, Tanium, Microsoft Azure, AWS/C2S, VMware, Nutanix, PowerShell, SQL Security, STIG compliance, SecDevOps
Professional certifications such as: CISSP, CISM, CISA, CEH, ITIL, CCNP, JNCIA, ISO Lead Auditor
What's In It For You:
Join a rapidly growing organization focused on national security innovation
Help shape enterprise cybersecurity strategy from the ground up
Work alongside experienced engineers, architects, and cybersecurity professionals
Influence security architecture supporting next-generation defense technologies
Competitive compensation and comprehensive benefits
Opportunity to make a direct impact on mission-critical U.S. defense programs
About the Company
Wind RiverX delivers advanced software and engineering solutions for mission-critical aerospace, defense, and intelligent edge systems, supporting some of the world's most demanding operational environments.
As a subsidiary of Wind River, whose software has powered aerospace, autonomous systems, commercial aviation, and defense platforms for more than four decades, Wind RiverX combines proven technical excellence with the speed and agility of a modern defense software company.
Working closely with government and industry partners, Wind RiverX develops secure, software-defined solutions that strengthen digital resilience across air, land, sea, cyber, and space domains. The company values collaboration, technical excellence, integrity, and innovation while empowering employees to solve some of the nation's most complex technology challenges.
You'll be joining a rapidly growing defense technology organization supporting some of the nation's most critical missions. Reporting directly to the Senior Director of Compliance, you'll play an active role in building an enterprise cybersecurity program that enable secure innovation while ensuring compliance with Department of Defense, federal, and international security standards.
The ideal candidate has hands-on experience supporting highly regulated organizations—particularly FOCI-mitigated environments—and enjoys working alongside engineering, IT, security, and executive leadership to build scalable cybersecurity programs from the ground up.
What You Will Be Doing:
Lead Governance, Risk & Compliance (GRC)
Developing and maintaining enterprise cybersecurity governance programs
Driving compliance with ISO 27001, NIST 800-171, CMMC, RMF, SOX, GDPR, NIS2, TISAX, and related regulatory frameworksCreating and maintaining cybersecurity policies, standards, procedures, and governance documentation
Developing System Security Plans (SSPs), Electronic Communications Plans (ECPs), and Plans of Action & Milestones (POA&Ms)
Partnering with control owners to manage risks, exceptions, and continuous compliance improvements
Drive Enterprise Security Programs
Conducting cybersecurity risk assessments
Monitoring security controls and regulatory compliance
Supporting secure systems architecture and enterprise network security initiatives
Collaborating with engineering teams on secure identity management, authentication, authorization, and access control
Supporting secure cloud and hybrid infrastructure environments
Lead Audit Readiness
Preparing the organization for internal audits, customer assessments, and regulatory reviews
Coordinating audit evidence collection across cross-functional teams
Supporting CMMC assessments and RMF accreditation activities
Maintaining audit-ready documentation and cybersecurity artifacts
Strengthen Enterprise Resilience
Leading Business Impact Assessments (BIAs)
Maintaining business continuity and disaster recovery programs
Conducting tabletop exercises
Developing cyber incident response and continuity playbooks
Manage Third-Party Cybersecurity Risk
Performing vendor cybersecurity assessments
Evaluating supplier security documentation
Tracking remediation activities
Supporting cybersecurity contract reviews and right-to-audit requirements
Strengthening supply chain security posture
Partner Across the Business
Collaborating with Architecture, Engineering, Product Security, IT, and executive leadership
Supporting Government Security Committee initiatives
Delivering executive briefings on cybersecurity posture and organizational risk
Promoting cybersecurity awareness and role-based training programs
What You Need:
U.S. Citizenship and ability to obtain / maintain a Secret Clearance
Seven (7) or more years of cybersecurity, information assurance, GRC, compliance, or audit experience
Experience supporting DoD contractors, federal agencies, FOCI-mitigated organizations, or other highly regulated environments
Experience developing enterprise cybersecurity governance programs
Experience developing and maintaining SSPs, ECPs, and POA&Ms
Working knowledge of: ISO 2700, NIST 800-171, CMMC, RMF, SOX, GDPR, TISAX
Experience with cybersecurity compliance platforms and GRC tools
Strong technical writing, documentation, and communication skills
Ability to communicate effectively with executives, auditors, customers, and technical teams
Ability to meet with team members in Washington, DC Metro office monthly or as needed.
It's a Plus If You Have This:
Active Secret Clearance
Experience supporting FOCI-mitigated organizations
Experience establishing cybersecurity programs for newly formed organizations
Secure enterprise architecture experience
Enterprise networking expertise
SOC, SIEM, and SOAR strategy experience
Vendor Risk Management experience
Supply chain cybersecurity experience
Business continuity and disaster recovery leadership
Technical Operations Center experience
Experience with: Splunk, Nessus Security Center, WebInspect, Xacta, Tanium, Microsoft Azure, AWS/C2S, VMware, Nutanix, PowerShell, SQL Security, STIG compliance, SecDevOps
Professional certifications such as: CISSP, CISM, CISA, CEH, ITIL, CCNP, JNCIA, ISO Lead Auditor
What's In It For You:
Join a rapidly growing organization focused on national security innovation
Help shape enterprise cybersecurity strategy from the ground up
Work alongside experienced engineers, architects, and cybersecurity professionals
Influence security architecture supporting next-generation defense technologies
Competitive compensation and comprehensive benefits
Opportunity to make a direct impact on mission-critical U.S. defense programs
About the Company
Wind RiverX delivers advanced software and engineering solutions for mission-critical aerospace, defense, and intelligent edge systems, supporting some of the world's most demanding operational environments.
As a subsidiary of Wind River, whose software has powered aerospace, autonomous systems, commercial aviation, and defense platforms for more than four decades, Wind RiverX combines proven technical excellence with the speed and agility of a modern defense software company.
Working closely with government and industry partners, Wind RiverX develops secure, software-defined solutions that strengthen digital resilience across air, land, sea, cyber, and space domains. The company values collaboration, technical excellence, integrity, and innovation while empowering employees to solve some of the nation's most complex technology challenges.
group id: 90835416