Security Compliance and Oversight Subject Matter Expert (SME)

ABOUT NOOKS

Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited-time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure-as-a-Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation’s warfighters. At Nooks, we value innovation, collaboration, and a service-first mindset.

ABOUT THE ROLE

We are seeking a highly experienced and strategic Security Compliance and Oversight Subject Matter Expert (SME) to drive the integrity and continuous improvement of the US Space Force classified security posture. This enterprise-level role focuses on auditing, continuous monitoring, and regulatory reporting for all security disciplines: Personnel Security (PERSEC), Physical Security (PHYSEC), Information Security (INFOSEC), and Industrial Security (INDUSEC).

The SME will serve as the authoritative compliance resource for the HQ Special Security Officer (SSO) and Command leadership, responsible for developing and running a standardized internal inspection program and ensuring rigorous adherence to all Intelligence Community Directives (ICDs), Security Executive Agent Directives (SEADs), and DoD security regulations across the USSF enterprise.

KEY RESPONSIBILITIES:

1. Enterprise Auditing and Inspection Program Management

• Program Design & Implementation: Design, implement, and manage a robust security self-inspection and internal auditing program that covers all security domains (PHYSEC, PERSEC, INFOSEC, INDUSEC) across all USSF facilities.
• Compliance Assessments: Conduct recurring and unscheduled compliance vulnerability assessments and deep-dive gap analyses to identify systemic risks and ensure the USSF Enterprise meets all mandated security standards.
• Documentation Control: Serve as the final oversight authority for all security documentation, ensuring Standard Operating Procedures (SOPs), DD-254s, Facility Clearance Certificates (FFCs), and System Security Plans (SSPs) are current, accurate, and standardized across the entire enterprise.
• Remediation Management: Develop, manage, and track the remediation of all identified security weaknesses using a formal Plan of Action and Milestones (POA&M) approach, driving accountability across functional security leads.

2. Government Audit Readiness and Liaison

• Lead Coordinator: Serve as the lead coordinator and preparer for all external government security inspections, audits, and assessments (e.g., DCSA Security Assessments, IC Inspector General audits, Customer Audits).
• Reporting and Metrics: Synthesize complex security data and metrics from all domains to prepare comprehensive, auditable security records and reports for senior leadership and external government agencies.
• Audit Management: Act as the primary security liaison during external reviews, managing the flow of information, coordinating facility access, and ensuring timely responses to all findings.

3. Continuous Monitoring and Regulatory Reporting

• Continuous Monitoring (CM) Strategy: Develop and oversee the Continuous Monitoring strategy for all administrative, physical, and technical security controls across the enterprise, ensuring effective detection of security risks.
• Trend Analysis and Risk Identification: Analyze security data trends harvested from PERSEC (CE Alerts), INFOSEC (incident reports), and PHYSEC (IDS/ACS logs) to identify systemic, cross-domain risks and inform high-level risk mitigation strategies.
• Mandatory Reporting: Ensure all mandatory security reporting (e.g., adverse information, security violations, changes in status) to the Cognizant Security Authority (CSA) and other government security organizations is complete, accurate, and submitted within required regulatory timelines.

4. Policy, Standardization, and Training Oversight

• Policy Standardization: Serve as the expert on regulatory interpretation, reviewing, vetting, and standardizing all site-specific security SOPs to ensure uniformity and consistent compliance across the multi-site enterprise.
• Training Integrity: Collaborate with the functional security SMEs (Personnel, Physical, Information) to ensure all security training and awareness materials accurately reflect current enterprise policies and regulatory compliance requirements.
• Change Management: Participate in the change management process to proactively assess the security impact of new business initiatives, facility construction/modifications, and major IT system deployments.

THE SKILLSET:

• Experience: Minimum 10 years of dedicated professional experience in a security compliance, audit, or oversight role within the U.S. Defense or Intelligence Community.
• Clearance: Must possess and maintain an Active Top Secret (TS) / Sensitive Compartmented Information (SCI) eligibility security clearance. U.S. Citizenship is required.
• Regulatory Expertise: Expert-level knowledge of the entire security landscape, including NISPOM (32 CFR Part 117), ICD 705 (Physical), ICD 503 (Information), SEAD 4 (Foreign Contact), and the Risk Management Framework (RMF) for classified systems.
• Auditing & Systems: Proven track record of leading and successfully preparing for DCSA and/or IC Security Assessments. Proficiency with government security databases (DISS/NBIS, NISS, Scattered Castles) sufficient to verify and audit data integrity.
• Skills: Exceptional organizational, analytical, and written/verbal communication skills, with a proven ability to manage complex compliance projects and brief senior command leadership.

PREFERRED QUALIFICATIONS:

• Certification: Current security certification such as SPeD, Industrial Security Professional (ISP®) or Security Fundamentals Professional Certification (SFPC).
• Experience: Direct, embedded experience supporting the US Space Force or a similar Combatant Command SSO in an oversight or compliance role.
• Education: Bachelor’s degree in a relevant field (e.g., Security Management, Information Systems).

This position requires the ability to travel to USSF and partner facilities, work in Sensitive Compartmented Information Facilities (SCIFs), and involves physical requirements such as climbing stairs/ladders or working in confined spaces to complete facility inspections and assessments.

This employment offer is contingent upon continued funding of the underlying government contract. Should the contract be modified, or terminated, or if funding is reduced or eliminated, the employer reserves the right to adjust or rescind the offer accordingly.