Nooks
Security Compliance and Oversight Subject Matter Expert (SME)
Nooks, Colorado Springs, Colorado, United States, 80509
Security Compliance and Oversight Subject Matter Expert (SME)
Join to apply for the
Security Compliance and Oversight Subject Matter Expert (SME)
role at
Nooks .
About Nooks Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited‑time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure‑as‑a‑Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation’s warfighters. At Nooks, we value innovation, collaboration, and a service‑first mindset.
About The Role We are seeking a highly experienced and strategic Security Compliance and Oversight Subject Matter Expert (SME) to drive the integrity and continuous improvement of the US Space Force classified security posture. This enterprise‑level role focuses on auditing, continuous monitoring, and regulatory reporting for all security disciplines: Personnel Security (PERSEC), Physical Security (PHYSEC), Information Security (INFOSEC), and Industrial Security (INDUSEC).
The SME will serve as the authoritative compliance resource for the HQ Special Security Officer (SSO) and Command leadership, responsible for developing and running a standardized internal inspection program and ensuring rigorous adherence to all Intelligence Community Directives (ICDs), Security Executive Agent Directives (SEADs), and DoD security regulations across the USSF enterprise.
Key Responsibilities
Enterprise Auditing and Inspection Program Management
Program Design & Implementation: Design, implement, and manage a robust security self‑inspection and internal auditing program that covers all security domains (PHYSEC, PERSEC, INFOSEC, INDUSEC) across all USSF facilities.
Compliance Assessments: Conduct recurring and unscheduled compliance vulnerability assessments and deep‑dive gap analyses to identify systemic risks and ensure the USSF Enterprise meets all mandated security standards.
Documentation Control: Serve as the final oversight authority for all security documentation, ensuring SOPs, DD‑254s, Facility Clearance Certificates (FFCs), and System Security Plans (SSPs) are current, accurate, and standardized across the entire enterprise.
Remediation Management: Develop, manage, and track remediation of all identified security weaknesses using a formal POA&M approach, driving accountability across functional security leads.
Government Audit Readiness and Liaison: Lead coordinator and preparer for all external government security inspections, audits, and assessments (e.g., DCSA Security Assessments, IC Inspector General audits, Customer Audits).
Reporting and Metrics: Synthesize complex security data and metrics from all domains to prepare comprehensive, auditable security records and reports for senior leadership and external government agencies.
Audit Management: Act as the primary security liaison during external reviews, managing information flow, coordinating facility access, and ensuring timely responses to all findings.
Continuous Monitoring and Regulatory Reporting: Develop and oversee the Continuous Monitoring strategy for all administrative, physical, and technical security controls across the enterprise, ensuring effective detection of security risks.
Trend Analysis and Risk Identification: Analyze security data trends harvested from PERSEC (CE Alerts), INFOSEC (incident reports), and PHYSEC (IDS/ACS logs) to identify systemic, cross‑domain risks and inform high‑level risk mitigation strategies.
Policy, Standardization, and Training Oversight: Serve as the expert on regulatory interpretation, reviewing, vetting, and standardizing all site‑specific security SOPs to ensure uniformity and consistent compliance; collaborate with functional security SMEs to ensure training materials accurately reflect current policies.
Change Management: Participate in the change management process to proactively assess the security impact of new business initiatives, facility construction/modifications, and major IT system deployments.
The Skillset
Experience: Minimum 10 years of dedicated professional experience in a security compliance, audit, or oversight role within the U.S. Defense or Intelligence Community.
Clearance: Must possess and maintain an Active Top Secret (TS) / Sensitive Compartmented Information (SCI) eligibility security clearance. U.S. Citizenship is required.
Regulatory Expertise: Expert‑level knowledge of the entire security landscape, including NISPOM (32 CFR Part 117), ICD 705 (Physical), ICD 503 (Information), SEAD 4 (Foreign Contact), and the Risk Management Framework (RMF) for classified systems.
Auditing & Systems: Proven track record of leading and successfully preparing for DCSA and/or IC Security Assessments. Proficiency with government security databases (DISS/NBIS, NISS, Scattered Castles) sufficient to verify and audit data integrity.
Skills: Exceptional organizational, analytical, and written/verbal communication skills, with a proven ability to manage complex compliance projects and brief senior command leadership.
Preferred Qualifications
Certification: Current security certification such as SPeD, Industrial Security Professional (ISP®) or Security Fundamentals Professional Certification (SFPC).
Experience: Direct, embedded experience supporting the US Space Force or a similar Combatant Command SSO in an oversight or compliance role.
Education: Bachelor’s degree in a relevant field (e.g., Security Management, Information Systems).
Travel to USSF and partner facilities, work in Sensitive Compartmented Information Facilities (SCIFs), and physical requirements such as climbing stairs/ladders or working in confined spaces to complete facility inspections and assessments.
This employment offer is contingent upon continued funding of the underlying government contract. Should the contract be modified, or terminated, or if funding is reduced or eliminated, the employer reserves the right to adjust or rescind the offer accordingly.
Salary Range: $140,000 USD – $170,000 USD
Senior Level
Mid‑Senior level
Employment Type
Contract
Job Function
Other
Industries
Defense and Space Manufacturing
Location: Colorado Springs, CO
#J-18808-Ljbffr
Security Compliance and Oversight Subject Matter Expert (SME)
role at
Nooks .
About Nooks Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited‑time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure‑as‑a‑Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation’s warfighters. At Nooks, we value innovation, collaboration, and a service‑first mindset.
About The Role We are seeking a highly experienced and strategic Security Compliance and Oversight Subject Matter Expert (SME) to drive the integrity and continuous improvement of the US Space Force classified security posture. This enterprise‑level role focuses on auditing, continuous monitoring, and regulatory reporting for all security disciplines: Personnel Security (PERSEC), Physical Security (PHYSEC), Information Security (INFOSEC), and Industrial Security (INDUSEC).
The SME will serve as the authoritative compliance resource for the HQ Special Security Officer (SSO) and Command leadership, responsible for developing and running a standardized internal inspection program and ensuring rigorous adherence to all Intelligence Community Directives (ICDs), Security Executive Agent Directives (SEADs), and DoD security regulations across the USSF enterprise.
Key Responsibilities
Enterprise Auditing and Inspection Program Management
Program Design & Implementation: Design, implement, and manage a robust security self‑inspection and internal auditing program that covers all security domains (PHYSEC, PERSEC, INFOSEC, INDUSEC) across all USSF facilities.
Compliance Assessments: Conduct recurring and unscheduled compliance vulnerability assessments and deep‑dive gap analyses to identify systemic risks and ensure the USSF Enterprise meets all mandated security standards.
Documentation Control: Serve as the final oversight authority for all security documentation, ensuring SOPs, DD‑254s, Facility Clearance Certificates (FFCs), and System Security Plans (SSPs) are current, accurate, and standardized across the entire enterprise.
Remediation Management: Develop, manage, and track remediation of all identified security weaknesses using a formal POA&M approach, driving accountability across functional security leads.
Government Audit Readiness and Liaison: Lead coordinator and preparer for all external government security inspections, audits, and assessments (e.g., DCSA Security Assessments, IC Inspector General audits, Customer Audits).
Reporting and Metrics: Synthesize complex security data and metrics from all domains to prepare comprehensive, auditable security records and reports for senior leadership and external government agencies.
Audit Management: Act as the primary security liaison during external reviews, managing information flow, coordinating facility access, and ensuring timely responses to all findings.
Continuous Monitoring and Regulatory Reporting: Develop and oversee the Continuous Monitoring strategy for all administrative, physical, and technical security controls across the enterprise, ensuring effective detection of security risks.
Trend Analysis and Risk Identification: Analyze security data trends harvested from PERSEC (CE Alerts), INFOSEC (incident reports), and PHYSEC (IDS/ACS logs) to identify systemic, cross‑domain risks and inform high‑level risk mitigation strategies.
Policy, Standardization, and Training Oversight: Serve as the expert on regulatory interpretation, reviewing, vetting, and standardizing all site‑specific security SOPs to ensure uniformity and consistent compliance; collaborate with functional security SMEs to ensure training materials accurately reflect current policies.
Change Management: Participate in the change management process to proactively assess the security impact of new business initiatives, facility construction/modifications, and major IT system deployments.
The Skillset
Experience: Minimum 10 years of dedicated professional experience in a security compliance, audit, or oversight role within the U.S. Defense or Intelligence Community.
Clearance: Must possess and maintain an Active Top Secret (TS) / Sensitive Compartmented Information (SCI) eligibility security clearance. U.S. Citizenship is required.
Regulatory Expertise: Expert‑level knowledge of the entire security landscape, including NISPOM (32 CFR Part 117), ICD 705 (Physical), ICD 503 (Information), SEAD 4 (Foreign Contact), and the Risk Management Framework (RMF) for classified systems.
Auditing & Systems: Proven track record of leading and successfully preparing for DCSA and/or IC Security Assessments. Proficiency with government security databases (DISS/NBIS, NISS, Scattered Castles) sufficient to verify and audit data integrity.
Skills: Exceptional organizational, analytical, and written/verbal communication skills, with a proven ability to manage complex compliance projects and brief senior command leadership.
Preferred Qualifications
Certification: Current security certification such as SPeD, Industrial Security Professional (ISP®) or Security Fundamentals Professional Certification (SFPC).
Experience: Direct, embedded experience supporting the US Space Force or a similar Combatant Command SSO in an oversight or compliance role.
Education: Bachelor’s degree in a relevant field (e.g., Security Management, Information Systems).
Travel to USSF and partner facilities, work in Sensitive Compartmented Information Facilities (SCIFs), and physical requirements such as climbing stairs/ladders or working in confined spaces to complete facility inspections and assessments.
This employment offer is contingent upon continued funding of the underlying government contract. Should the contract be modified, or terminated, or if funding is reduced or eliminated, the employer reserves the right to adjust or rescind the offer accordingly.
Salary Range: $140,000 USD – $170,000 USD
Senior Level
Mid‑Senior level
Employment Type
Contract
Job Function
Other
Industries
Defense and Space Manufacturing
Location: Colorado Springs, CO
#J-18808-Ljbffr