Archer · 1 day ago
Director of Technology - Governance, Risk, and Compliance
Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. They are seeking a Director of Technology - Governance, Risk, and Compliance to design and develop Archer's Cybersecurity GRC program, overseeing the implementation of governance, risk, and compliance strategies.
Aerospace · Air Transportation · Electric Vehicle · Manufacturing
Responsibilities
Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy aligned with Archer's business objectives and regulatory obligations, including NIST SP 800-171, CMMC Level 2, SOX 404, and ITAR/EAR requirements
Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms) to achieve and maintain NIST 800-171 and CMMC Level 2 compliance across enterprise infrastructure and systems
Establish and manage an enterprise-wide risk management program that identifies, assesses, prioritizes, and tracks cybersecurity, operational, and compliance risks, communicating risk exposure clearly to the board and executive leadership
Design and enforce a control framework (based on NIST SP 800-171, CMMC practices, SOX ITGC, and ISO 27001) that defines roles, responsibilities, and audit expectations across the organization
Conduct or coordinate regular compliance assessments and internal audits to ensure adherence to regulatory frameworks, identifying gaps and designing remediation strategies with clear timelines and accountability
Manage relationships with external auditors, assessors, and regulators, including Security Control Assessors (SCAs) for CMMC certification and SOX auditors, to ensure timely evidence collection and audit readiness
Develop and maintain comprehensive compliance documentation, including policies, procedures, risk registers, control matrices, and audit evidence repositories
Lead the design of third-party and vendor risk management processes, including technical security assessments, contractual compliance requirements, and ongoing monitoring of vendor compliance posture
Drive compliance training and awareness programs across the organization, ensuring all employees understand their roles in maintaining security and compliance standards
Stay current with emerging regulatory changes, evolving industry standards, and evolving threat landscapes relevant to aerospace, defense, and public companies
Provide executive-level reporting to the Board, Audit Committee, and C-suite, translating technical compliance metrics into business risk language and strategic recommendations
Qualifications
Required
8+ years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security, with a minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks, including the ability to develop SSPs, conduct gap assessments, and design control architecture
Hands-on experience managing NIST CSF / SP 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC), and ability to design controls that satisfy auditor expectations
Deep understanding of ITAR and EAR export control regulations as they apply to IT systems and data classification
Proficiency in risk management methodologies, including risk identification, quantification, prioritization, and remediation tracking using qualitative and quantitative approaches
Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II) and translating framework requirements into operational controls and audit evidence
Strong communication skills to present complex compliance and risk concepts to technical teams, executive leadership, boards of directors, and external auditors
Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives
Preferred
Experience with Aerospace, Defense, or Federal Contractor industries, including familiarity with CMMC enforcement, DoD contract requirements, and federal compliance culture
Hands-on experience conducting or participating in CMMC Level 2 assessments or FedRAMP authorizations
Experience as a Security Control Assessor (SCA) or CMMC Professional (CISSP with CMMC focus)
Background in public company SOX compliance, including experience with Audit Committee interactions and SEC reporting requirements
Knowledge of GRC platforms and tools (Archer GRC, AuditBoard, ServiceNow) for evidence management, risk tracking, and audit automation
Professional certifications such as CISSP, CISM, CRISC, Certified Regulatory Compliance Manager (CRCM), or Certified Compliance and Ethics Professional (CCEP)
Advanced degree in Cybersecurity, Business Administration, Law, or Engineering
Experience with third-party risk management and vendor security assessment frameworks
Direct experience building compliance automation and audit evidence collection processes to scale compliance operations
Company
Archer
Archer is an aerospace company that developed an electric vertical takeoff and landing aircraft tailored for urban air mobility systems.
Funding
Current Stage: Public Company
Total Funding: $3.48B
Key Investors: BlackRock, Stellantis
2025-11-06 · Post-IPO Equity · $650M
2025-06-12 · Post-IPO Equity · $850M
2025-02-11 · Post-IPO Equity · $300M
Company data provided by crunchbase