Senior Compliance Engineer, AI Governance with Security Clearance
True Anomaly. Inc. Denver
Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it. OUR MISSION True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors - enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
OUR VALUES * Be the offset. We create asymmetric advantages with creativity and ingenuity. * What would it take? We challenge assumptions to deliver ambitious results. * It's the people. Our team is our competitive advantage and we are better together.
Your Mission We are seeking a rare combination of disciplines: an experienced Sr. Compliance Engineer with deep AI Subject Matter Expertise (SME) and export compliance background to join our Governance, Risk, and Compliance (GRC) team. This role is responsible for building, implementing, and sustaining the organizational compliance posture across key regulatory and security frameworks - with a primary emphasis on RMF (NIST 800-53 Rev.
5 + Classified Overlays), CMMC Level 3, NIST 800-171 Rev. 3, EAR/ITAR cyber regulations, and - critically - the governance, risk management, and compliance controls surrounding AI/ML systems and large language models (LLMs) deployed across the enterprise.
2 and 3, CMMC Level 3, NIST SP 800-53 Rev. 5, and the NIST Cybersecurity Framework (CSF). * Provide direction on cybersecurity readiness to address EAR and ITAR-related controls and requirements. * Drive CMMC readiness activities across the organization, including scoping, gap analysis, control implementation validation, evidence collection, and pre-assessment preparation.
* Review, maintain, and mature System Security Plans (SSPs) to accurately reflect organizational control implementations, system boundaries, and operational practices - including AI/ML system boundaries and data flows. * Manage Plans of Actions and Milestones (POA&Ms), tracking open findings to resolution, communicating status to GRC leadership, and coordinating remediation efforts across responsible teams.
* Conduct internal compliance audits and control effectiveness reviews to ensure ongoing adherence to applicable frameworks and to surface emerging gaps before external assessments. * Maintain audit-ready evidence repositories and documentation packages, ensuring traceability between controls, evidence, and framework requirements.
AI Governance, Risk & Compliance (AI-GRC) * Serve as the organizational AI compliance SME - the primary authority on how AI/LLM systems (including OpenAI GPT models, Anthropic Claude, open-source models, and internally developed models) are evaluated, onboarded, and continuously governed within True Anomaly's compliance boundaries.
* Evaluate proposed AI/ML use cases for regulatory risk (EAR/ITAR, CMMC, data privacy) and provide compliance go/no-go determinations with documented rationale. * Collaborate with AI/ML engineers and DevSecOps teams to integrate compliance gates into CI/CD pipelines and MLOps workflows, ensuring model changes and prompt changes undergo review before production deployment.
* Maintain an AI system inventory, tracking all deployed models, APIs, integrations, and associated risk and compliance status. * Monitor emerging AI regulatory developments (e.g., EO 14110, NIST AI RMF, DoD AI Ethics Principles, EU AI Act implications for U.S. defense partners) and assess organizational impact.
Cross-Functional Compliance Enablement * Serve as a primary GRC team resource for compliance questions, control guidance, and framework interpretation across engineering, IT, operations, legal, and security teams. * Partner with IT and security operations teams to verify that technical controls - including access management, logging, configuration baselines, and incident response procedures - meet CMMC and NIST requirements at an organizational level.
* Partner with AI/ML engineers, data scientists, and product teams to embed compliance thinking into AI system design, model selection, and deployment architecture. * Collaborate with the Enterprise Risk Manager and broader GRC leadership to ensure compliance findings - including AI-specific risks - are reflected in the enterprise risk register and remediation priorities.
* Support the development of compliance training and awareness materials, including AI-specific training that builds organizational understanding of responsible AI use, LLM risk, and CMMC obligations. * Coordinate with external assessors, third-party auditors, and government partners during assessment engagements, serving as a knowledgeable point of contact for evidence walkthroughs and control discussions.
Qualifications * 7+ years of experience in IT security compliance, GRC, or a closely related discipline, with direct ownership of compliance program activities. * Demonstrated expertise in NIST SP 800-171, CMMC (Level 2 or 3), and NIST SP 800-53, with hands-on experience conducting gap assessments, implementing controls, and preparing organizations for external audits.
* Extensive, hands-on experience with AI/LLM systems, including practical knowledge of platforms such as OpenAI (GPT-4/o-series), Anthropic Claude, Meta Llama, Microsoft Azure OpenAI Service, and/or comparable commercial and open-source LLM ecosystems.
* Demonstrated ability to design, implement, and operationalize compliance controls within LLM pipelines, including guardrail layers, content filtering, audit logging hooks, and data classification enforcement. * Working knowledge of AI security risks, including prompt injection, jailbreaking, data exfiltration via LLM outputs, model inversion, and supply chain risks associated with third-party AI APIs.
* Familiarity with NIST AI Risk Management Framework (AI RMF) and its application to enterprise and defense AI deployments. * Strong understanding of SSP development and maintenance, POA&M management, and audit evidence lifecycle practices in an organizational (non-product) compliance context.
* Proven experience developing and operationalizing information security policies, standards, and procedures across a multi-disciplinary organization. * Strong communication skills with the ability to explain compliance requirements - including AI risk concepts - clearly to both technical practitioners and non-technical business stakeholders.
* Highly organized, with demonstrated ability to manage multiple concurrent compliance workstreams and deadlines in a fast-paced environment. * Active or ability to obtain SECRET or TS/SCI security clearance . * Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). Preferred Qualifications * Strong EAR/ITAR background as it pertains to cybersecurity, AI-generated outputs, and policy development.
* J.D. focusing on technology law, export compliance (EAR and ITAR), AI regulation, or cyber law. * Experience building MLOps or AI DevSecOps pipelines with integrated compliance gates, including automated policy enforcement, prompt review workflows, or model change management processes.
* Hands-on experience with AI safety and alignment tooling (e.g., LangChain guardrails, NeMo Guardrails, Azure Content Safety, OpenAI Moderation API, Anthropic Constitutional AI/policy layer configurations). * Experience evaluating AI vendor agreements and data processing agreements against DoD/CMMC/ITAR data handling requirements.
OUR VALUES * Be the offset. We create asymmetric advantages with creativity and ingenuity. * What would it take? We challenge assumptions to deliver ambitious results. * It's the people. Our team is our competitive advantage and we are better together.
Your Mission We are seeking a rare combination of disciplines: an experienced Sr. Compliance Engineer with deep AI Subject Matter Expertise (SME) and export compliance background to join our Governance, Risk, and Compliance (GRC) team. This role is responsible for building, implementing, and sustaining the organizational compliance posture across key regulatory and security frameworks - with a primary emphasis on RMF (NIST 800-53 Rev.
5 + Classified Overlays), CMMC Level 3, NIST 800-171 Rev. 3, EAR/ITAR cyber regulations, and - critically - the governance, risk management, and compliance controls surrounding AI/ML systems and large language models (LLMs) deployed across the enterprise.
As AI becomes embedded in True Anomaly's operations, mission systems, and products, this role serves as the organizational authority on how AI capabilities are adopted, audited, and controlled responsibly. You will architect and operationalize compliance checkpoints and governance gates within LLM pipelines, evaluate AI vendors and platforms (including OpenAI, Anthropic Claude, and others) against classified and unclassified compliance requirements, and ensure AI-driven workflows satisfy both regulatory obligations and internal risk tolerance.
The ideal candidate brings deep GRC knowledge, hands-on AI/LLM engineering fluency, and the ability to engage credibly with compliance assessors, government partners, and internal AI/ML engineering teams alike. Responsibilities Compliance Program Execution * Lead and support compliance assessment readiness across key organizational frameworks including NIST SP 800-171 Rev.2 and 3, CMMC Level 3, NIST SP 800-53 Rev. 5, and the NIST Cybersecurity Framework (CSF). * Provide direction on cybersecurity readiness to address EAR and ITAR-related controls and requirements. * Drive CMMC readiness activities across the organization, including scoping, gap analysis, control implementation validation, evidence collection, and pre-assessment preparation.
* Review, maintain, and mature System Security Plans (SSPs) to accurately reflect organizational control implementations, system boundaries, and operational practices - including AI/ML system boundaries and data flows. * Manage Plans of Actions and Milestones (POA&Ms), tracking open findings to resolution, communicating status to GRC leadership, and coordinating remediation efforts across responsible teams.
* Conduct internal compliance audits and control effectiveness reviews to ensure ongoing adherence to applicable frameworks and to surface emerging gaps before external assessments. * Maintain audit-ready evidence repositories and documentation packages, ensuring traceability between controls, evidence, and framework requirements.
AI Governance, Risk & Compliance (AI-GRC) * Serve as the organizational AI compliance SME - the primary authority on how AI/LLM systems (including OpenAI GPT models, Anthropic Claude, open-source models, and internally developed models) are evaluated, onboarded, and continuously governed within True Anomaly's compliance boundaries.
* Design, implement, and maintain compliance checkpoints and enforcement gates within LLM pipelines, including: * Input/output filtering and content policy enforcement layers * Prompt injection detection and mitigation controls * Data classification guardrails to prevent CUI, ITAR-controlled, or classified data from flowing into non-authorized AI systems or endpoints * Automated audit logging of AI interactions for traceability and incident investigation * Model access control and role-based permissions within AI platforms * Conduct AI-specific risk assessments, including evaluation of AI vendor data handling practices, model training data provenance, and third-party AI API security postures against NIST AI RMF, NIST SP 800-53 AI overlays, and internal standards.
* Develop and enforce an AI System Acceptable Use Policy and supporting standards that govern how employees and systems interact with LLMs, including permissible data inputs, output handling, human-in-the-loop requirements, and escalation procedures.* Evaluate proposed AI/ML use cases for regulatory risk (EAR/ITAR, CMMC, data privacy) and provide compliance go/no-go determinations with documented rationale. * Collaborate with AI/ML engineers and DevSecOps teams to integrate compliance gates into CI/CD pipelines and MLOps workflows, ensuring model changes and prompt changes undergo review before production deployment.
* Maintain an AI system inventory, tracking all deployed models, APIs, integrations, and associated risk and compliance status. * Monitor emerging AI regulatory developments (e.g., EO 14110, NIST AI RMF, DoD AI Ethics Principles, EU AI Act implications for U.S. defense partners) and assess organizational impact.
Cross-Functional Compliance Enablement * Serve as a primary GRC team resource for compliance questions, control guidance, and framework interpretation across engineering, IT, operations, legal, and security teams. * Partner with IT and security operations teams to verify that technical controls - including access management, logging, configuration baselines, and incident response procedures - meet CMMC and NIST requirements at an organizational level.
* Partner with AI/ML engineers, data scientists, and product teams to embed compliance thinking into AI system design, model selection, and deployment architecture. * Collaborate with the Enterprise Risk Manager and broader GRC leadership to ensure compliance findings - including AI-specific risks - are reflected in the enterprise risk register and remediation priorities.
* Support the development of compliance training and awareness materials, including AI-specific training that builds organizational understanding of responsible AI use, LLM risk, and CMMC obligations. * Coordinate with external assessors, third-party auditors, and government partners during assessment engagements, serving as a knowledgeable point of contact for evidence walkthroughs and control discussions.
Qualifications * 7+ years of experience in IT security compliance, GRC, or a closely related discipline, with direct ownership of compliance program activities. * Demonstrated expertise in NIST SP 800-171, CMMC (Level 2 or 3), and NIST SP 800-53, with hands-on experience conducting gap assessments, implementing controls, and preparing organizations for external audits.
* Extensive, hands-on experience with AI/LLM systems, including practical knowledge of platforms such as OpenAI (GPT-4/o-series), Anthropic Claude, Meta Llama, Microsoft Azure OpenAI Service, and/or comparable commercial and open-source LLM ecosystems.
* Demonstrated ability to design, implement, and operationalize compliance controls within LLM pipelines, including guardrail layers, content filtering, audit logging hooks, and data classification enforcement. * Working knowledge of AI security risks, including prompt injection, jailbreaking, data exfiltration via LLM outputs, model inversion, and supply chain risks associated with third-party AI APIs.
* Familiarity with NIST AI Risk Management Framework (AI RMF) and its application to enterprise and defense AI deployments. * Strong understanding of SSP development and maintenance, POA&M management, and audit evidence lifecycle practices in an organizational (non-product) compliance context.
* Proven experience developing and operationalizing information security policies, standards, and procedures across a multi-disciplinary organization. * Strong communication skills with the ability to explain compliance requirements - including AI risk concepts - clearly to both technical practitioners and non-technical business stakeholders.
* Highly organized, with demonstrated ability to manage multiple concurrent compliance workstreams and deadlines in a fast-paced environment. * Active or ability to obtain SECRET or TS/SCI security clearance . * Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). Preferred Qualifications * Strong EAR/ITAR background as it pertains to cybersecurity, AI-generated outputs, and policy development.
* J.D. focusing on technology law, export compliance (EAR and ITAR), AI regulation, or cyber law. * Experience building MLOps or AI DevSecOps pipelines with integrated compliance gates, including automated policy enforcement, prompt review workflows, or model change management processes.
* Hands-on experience with AI safety and alignment tooling (e.g., LangChain guardrails, NeMo Guardrails, Azure Content Safety, OpenAI Moderation API, Anthropic Constitutional AI/policy layer configurations). * Experience evaluating AI vendor agreements and data processing agreements against DoD/CMMC/ITAR data handling requirements.
* Familiarity with DoD AI Ethics Principles, Responsible AI (RAI) frameworks, and emerging federal AI governance requirements (e.g., EO 14110, OMB AI guidance). * Industry certifications such as: * Certified Information Systems Auditor (CISA) * Certified in Risk and Information Systems Control (CRISC) * Certified Information Systems Security Professional (CISSP) * CMMC Registered Practitioner (RP) or Certified Professional (CP) * CompTIA Security+ or equivalent * AWS/Azure AI or Security certifications * Background in startup,
True Anomaly. Inc.Denver
and ingenuity. * What would it take? We challenge assumptions to deliver ambitious results. * It's the people. Our team is our competitive advantage and we are better together. YOUR MISSION We are seeking an experienced Principal Compliance Engineer to lead...
Aveanna HealthcareDenver
for a compassionate SLP in the following area who would like to make a positive and lasting impact in the lives of their patients:
(Feeding Experience Preferred)
Caseload Location: Denver, CO 80219
Setting: Home Health
Schedule: Full-Time and Part-Time...
Aveanna HealthcareDenver
would like to make a positive and lasting impact in the lives of their patients.
Caseload Locations: Denver, Westminster, Commerce City, Colorado Springs, Pueblo, Loveland
Setting: Home Health
Schedule: Monday-Friday
Compensation: $60 - $85 per...