Compliance and Cybersecurity Manager

Company Description

Stell helps engineers at hardware companies in heavily-regulated industries (Space, Aviation, Medical Devices) do documentation and tracking of technical contract compliance. Stell’s key innovations are (1) a user-interface for building text-rich documentation while enabling the complex linking needed to describe hardware systems, and (2) secure collaboration on technical contracts, replacing email and PDFs for our customers and their customers.

Role Description

This is a full-time hybrid role for a Compliance and Cybersecurity Manager position. The Compliance and Cybersecurity Manager will be responsible for ensuring that Stell complies with industry regulations related to cybersecurity. This manager role will work with the entire Stell team, as well as external partners, to identify and mitigate security risks to our software platform. This is a hybrid role based out of either Los Angeles or San Francisco.

Responsibilities

• Lead the company's efforts to achieve and maintain the highest standards of cybersecurity compliance and readiness, aligning with industry best practices and preparing for future regulatory requirements.
• Manage relationships with third-party partners and vendors to ensure their services meet our security and compliance standards.
• Act as the certifying compliance officer, potentially growing into a CISO role, ensuring all security practices align with our compliance goals.
• Develop and maintain the System Security Plan (SSP) and Plan of Actions and Milestones (POAM), adjusting as necessary for evolving compliance requirements such as FedRAMP and CMMC.
• Maintain expert knowledge of compliance standards including SOC2, NIST 800-171, NIST 800-53, ISO 27001, and OWASP.
• Utilize tools and technologies such as Terraform, AWS, and GitHub Actions for security automation and compliance monitoring. Knowledge of Java and HTML/CSS/JS programming languages a plus.
• Implement and maintain security best practices across all technology stacks and platforms.
• Build long-term roadmaps and execute day-to-day tasks - after all, it’s a start-up!
• Manage and work closely with vendors for events like audits

Qualifications

• Have a proven experience in cybersecurity, particularly in a SaaS or cloud environment, with a strong background in compliance efforts for SOC2, NIST 800-171, and ideally NIST 800-53.
• Have excellent organizational, communication, and leadership skills:
• You are energized by forging Stell’s growth path amidst uncertainty and rapidly changing business needs
• You are comfortable communicating Stell’s cybersecurity infrastructure to customers and partners
• Have a strong technical background in Terraform, AWS, GitHub Actions, and programming languages such as Java or HTML/CSS/JS.
• Have experience managing third-party vendors and partners.

Nice to Haves

• Previous experience in aerospace or government sectors.
• Professional certifications such as CISSP, CISM, AWS security certifications, Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Auditor (CISA).

What Stell Offers

• Flexibility and autonomy at work in a hybrid work environment - we have offices in SF or LA and are in-office 3 days a week
• Mission to support the aerospace and US manufacturing ecosystem - Stell exists to serve hardware engineers developing and building some of the most important tech in our time (rockets, satellites, drones!)
• Sizable equity - you become an owner of this company
• Competitive salary
• Healthcare, vision, dental
• Relocation stipend available

We value diversity at Stell, and encourage everyone to apply.