Security Engineer - GRC

Role Overview

Security Engineer - GRC at IonQ. You will help implement security audit programs and risk management frameworks to protect cutting-edge quantum research and associated infrastructure.

Responsibilities

• Implement & manage NIST Risk Management Framework (RMF) to achieve and maintain compliance, mapping controls across standards such as SOC 2, PCI, NIST 800-53, NIST 800-171, and CMMC.
• Lead data privacy operations by running Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) and managing DSAR (Data Subject Access Request) workflows.
• Build and execute a continuous internal audit program for both quantum R&D and classical infrastructure, using automated evidence collection for year-round audit readiness.
• Create and enforce data governance covering data ownership, classification, and lifecycle management for sensitive quantum research data and proprietary algorithms.
• Identify and mitigate quantum R&D-specific risks, including:
  • intellectual property protection
  • supply chain security for specialized hardware
  • physical security for lab environments
• Establish and mature an AI Governance Framework aligned with NIST AI RMF, including risk assessments and security reviews of AI tools/platforms.
• Ensure cloud security posture (e.g., AWS, GCP, Azure) by configuring and auditing against security benchmarks and maintaining a risk remediation roadmap.
• Automate GRC processes by building end-to-end compliance workflows (e.g., Jira) to reduce manual evidence collection and remediation tracking.
• Develop security metrics & dashboards reporting compliance posture, risk levels, and program maturity to leadership.
• Collaborate across teams (legal to engineering), prepare stakeholders via training and exercises.

Requirements

• Bachelor’s degree in Computer Science or equivalent practical experience.
• Familiarity with infosec frameworks including SOC 2, NIST RMF, and ISO 27001.
• Experience with privacy frameworks such as GDPR and CCPA/CPRA, applying Privacy by Design.
• Technical background in systems administration (requirement text is truncated in the posting).

Nice to Have / Implied

• Hands-on experience plus ability to provide both tactical execution and strategic direction in GRC automation, audit readiness, and governance programs.