Infosec & GRC Manager

Posted Yesterday
Hiring Remotely in United States
Remote or Hybrid
Senior level
Aerospace
The Role
The Infosec & GRC Manager will lead the company's cybersecurity and compliance strategy, ensuring secure infrastructure and managing information security programs across international operations.
Summary Generated by Built In

Position Summary 

Slingshot Aerospace is seeking an experienced Infosec & GRC Manager to protect our systems, data, and intellectual property as we scale across the United States and internationally. This senior, hands-on leader will drive the company’s information security, compliance, and IT governance programs while partnering closely with Engineering, Operations, and GRC teams. Reporting to senior IT and Infosec leadership, this person will design and maintain secure infrastructure, guide compliance readiness under CMMC 2.0 and NIST 800-171, and mature and expand practices toward ISO 27001, Cyber Essentials Plus, GDPR, and other frameworks as needed. They will lead by example, shaping a modern, automation-driven security culture that enables innovation while protecting Slingshot’s global mission. As Slingshot continues to grow, this role will evolve with the company’s expanding needs—scaling responsibilities, processes, and leadership impact across IT, Infosec, and GRC functions. 

Key Responsibilities 

  • Lead the company’s information security and compliance strategy in partnership with senior IT and Infosec leadership. 
  • Guide and mentor IT, Infosec, and GRC staff and contractors while remaining directly engaged in technical work.
  • Define long-term roadmaps for security, compliance, and infrastructure that align with business goals and technology growth.
  • Build out and mature IT and Infosec capabilities for USA, U.K. and international operations, aligning technical controls and compliance with regional requirements.
  • Deliver regular metrics and program status to executive leadership and customers to demonstrate compliance, risk posture, and control maturity.
  • Manage compliance operations including SSPs, POA&Ms, control testing, risk assessments, and audits for CMMC 2.0 and NIST 800-171.
  • Develop and maintain documentation, evidence, and controls to support new or evolving frameworks such as ISO 27001, Cyber Essentials Plus, GDPR, and other standards as required by customers or regulators.
  • Maintain evidence and documentation in platforms such as Vanta and Paramify, ensuring continuous audit readiness.
  • Support Sales, Growth, and Legal teams with security questionnaires, RFIs, and RFPs, providing timely and accurate assurance documentation.
  • Maintain federal and customer compliance portals (SPRS, eMASS) with current and complete records.
  • Oversee third-party and vendor risk management, ensuring supply chain partners meet security and compliance standards.
  • Partner with IT and Engineering to architect secure cloud, SaaS, and on-premises systems across AWS and Azure.
  • Implement network and infrastructure security in collaboration with DevSecOps, IT, and Engineering teams, ensuring consistent security standards across environments.
  • Coordinate with Development, Data, and Operations groups to embed secure design, testing, and deployment practices throughout the software lifecycle.
  • Implement network segmentation and zero-trust access models; coordinate VPN, firewall, and remote access controls.
  • Operate and enhance endpoint, identity, and network defenses using CrowdStrike, Zscaler, Okta, Microsoft Entra ID, Wiz, and Tenable.
  • Run SIEM/SOAR or equivalent log analytics and automation (e.g., Splunk) to improve detection and response.
  • Lead incident response from detection through recovery, maintaining detailed playbooks and conducting tabletop exercises.
  • Oversee and manage the company’s security awareness and user training programs using platforms such as KnowBe4 or similar tools, ensuring all employees remain informed, compliant, and vigilant against evolving threats.
  • Develop internal automation and tooling using Python, Go, or PowerShell for compliance evidence, monitoring, and reporting.
  • Apply Infrastructure-as-Code and Policy-as-Code principles using Terraform, Ansible, or CloudFormation to enforce security baselines.
  • Collaborate with software and product engineering teams to embed security into CI/CD pipelines, APIs, and customer-facing services.
  • Provide expertise in Okta CIAM/CIS and Auth0 for secure customer identity and access flows.
  • Own data-protection controls including encryption, key management, DLP, and data classification aligned to regional compliance.
  • Lead business-continuity (BCP) and disaster-recovery (DR) testing; document findings and corrective actions.
  • Strengthen backup and recovery programs for multi-cloud and hybrid environments.
  • Support secure adoption of emerging technologies such as AI, automation, and advanced analytics within governance frameworks.
  • Extend and strengthen Slingshot’s IT, Infosec, and compliance programs across U.K., E.U., and other international operations, maintaining data sovereignty and regulatory alignment. 

Qualifications

  • CISSP certification required. 
  • CMMC Certified Professional (CCP) preferred, or ability to obtain certification.
  • 8+ years of progressive experience across IT, information security, networking, and GRC.
  • Familiarity with CMMC 2.0 and NIST 800-171, with understanding of ISO 27001, Cyber Essentials Plus, GDPR, and the ability to support other frameworks as needed.
  • Proven ability to lead IT and Infosec programs while remaining hands-on with engineering, automation, and incident response.
  • Strong coding and scripting skills in Python, Go, or PowerShell, with experience building internal tools or integrations.
  • Expertise in IAM, endpoint protection, cloud security, data protection, and zero-trust architecture.
  • Experience with tools such as CrowdStrike, Zscaler, Wiz, Tenable, Vanta, Paramify, Okta, and Microsoft Entra ID.
  • Excellent written and verbal communication skills with the ability to work across technical, operational, and executive teams.
  • U.S. citizenship and TS/SCI eligibility required.
  • International experience and multi-region program management are highly valued. 

Success Looks Like 

You maintain continuous audit readiness, strengthen automation and global resilience, improve employee training and awareness, and deliver a unified IT, Infosec, and compliance program that builds trust with customers and enables growth. 

Location: Remote. This is a remote role that may require periodic travel for audits, assessments, and team collaboration.

U.S. citizenship and TS/SCI eligibility required. 


Why Slingshot 

Slingshot Aerospace develops technology that makes space safer, smarter, and more connected. Protecting those innovations is central to our mission. As the Infosec & GRC Manager, you will lead the systems and programs that safeguard the company as we expand globally. This is a high-impact opportunity for a technical and strategic leader who thrives on building, securing, and scaling critical infrastructure while living our core principle: Protect the Company and Honor the Customer. 


US-based Candidates: we are currently only able to hire residents of the following U.S. states: AZ, CA, CO, DC, FL, GA, HI, IL, IN, KS, MD, MA, MI, MN, MO, MT, NV, NJ, NM, NY, NC, OR, RI, TN, TX, UT, VT, VA, WA, WV, and WI. We are unable to consider candidates residing in other U.S. states at this time.

Internationally-based Candidates: we are currently only able to hire residents of the following locations: United Kingdom. We are unable to consider candidates residing in other countries at this time.

Equity, Diversity & Inclusion are key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences, and backgrounds, who share a passion for creating a safer, more connected world. Diversity not only includes race and gender identity, but also national origin, citizenship, sex, color, veteran status, disability, genetic information, or any other protected characteristic that is part of one’s identity. All of our employees’ points of view are key to our success, and we embrace individuality.

Top Skills

Ansible
CISSP
CloudFormation
CMMC
CrowdStrike
Cyber Essentials Plus
GDPR
Go
ISO 27001
Microsoft Entra ID
NIST 800-171
Okta
Paramify
PowerShell
Python
Splunk
Tenable
Terraform
Vanta
Wiz
Zscaler

The Company
HQ: Colorado Springs, CO
150 Employees
Year Founded: 2017

What We Do

Slingshot Aerospace builds world-class space simulation and analytics solutions. We are driven by our vision of accelerating space sustainability to create a safer, more connected world.

Space is increasingly complex due to the exponential growth of global launch activity, the proliferation of new data sources, and the ever-growing body of new satellites and debris. Organizations are making mission-critical decisions in this high-risk environment and they need the right information at the right time. Slingshot Aerospace empowers government and commercial space organizations to better design, manage, and safeguard their assets, as well as mitigate risks, to ensure safe and reliable operations for all space-faring users.

We are achieving this by bringing the space domain into the digital environment and fusing together data from different sources to provide a full, dynamic orbital picture. In doing so, Slingshot Aerospace customers can make decisions at the speed of relevance and achieve clarity in complex environments.
