IonQ, Inc. is the world’s leading quantum company delivering solutions to solve complex problems. As a Security Engineer focused on GRC, you will implement security audit programs and risk management frameworks to ensure compliance and protect cutting-edge research.
Responsibilities:
- Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance, mapping controls from standards like SOC 2, PCI, NIST 800-53, NIST 800-171, and CMMC
- Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) and managing day-to-day operations like Data Subject Access Requests (DSARs)
- Design and execute a continuous internal audit program to validate the effectiveness of controls across both quantum R&D and classical infrastructure, leveraging automated evidence collection to ensure year-round audit readiness
- Develop and enforce a comprehensive Data Governance framework that defines data ownership, classification, and lifecycle management specifically for sensitive quantum research data and proprietary algorithms
- Assess and mitigate risks unique to a quantum computing R&D environment, including intellectual property protection, supply chain security for specialized hardware, and physical security of lab environments
- Establish and mature the organization’s AI Governance Framework in alignment with the NIST AI RMF, performing risk assessments and security reviews of new AI tools and platforms
- Ensure our cloud environments (e.g., AWS, GCP, Azure) are configured and audited against security benchmarks, driving the creation and management of a formal risk remediation roadmap
- Spearhead the automation of GRC processes, building end-to-end compliance workflows in platforms like Jira to reduce manual effort in evidence collection and remediation tracking
- Develop and maintain security metrics and dashboards to report on compliance posture, risk levels, and program maturity to leadership
- Collaborate with technical and non-technical teams, from legal to engineering, on security and technology matters, and prepare teams through training and exercises
Requirements:
- A Bachelor's degree in Computer Science or equivalent practical experience
- Familiarity with infosec frameworks like SOC 2, NIST RMF, and ISO 27001
- Demonstrated experience with global privacy frameworks (GDPR, CCPA/CPRA) and applying principles like Privacy by Design
- A technical background in systems administration, software engineering, cloud security, or security engineering
- Proven experience in security risk management and analysis
- Prior experience leading a SOC 2 Type II, ISO 27001, CMMC or NIST 800-53 audit from start to finish
- Hands-on experience with GRC platforms (e.g., Hyperproof, Drata, Anecdotes AI) and security tools such as CSPM tools or vulnerability scanners
- Experience working in a high-security research, academic, or national laboratory environment
- Excellent communication skills, empathy for customers, and an excitement to learn and get things done right