Senior Compliance Engineer, AI Governance
Listed on 2026-05-31
IT/Tech
Cybersecurity, Information Security
Denver, CO or Long Beach, CA or Washington, DC
True Anomaly seeks those with the talent and ambition to build innovative technology that solves the next generation of engineering, manufacturing, and operational challenges for space security and sustainability.
OUR MISSION
The peaceful use of space is essential for continued prosperity on Earth—from communications and finance to navigation and logistics. True Anomaly builds innovative technology at the intersection of spacecraft, software, and AI to enhance the capabilities of the U.S., its allies, and commercial partners. We safeguard global security by ensuring space access and sustainability for all.
OUR VALUES
- Be the offset. We create asymmetric advantages with creativity and ingenuity
- What would it take? We challenge assumptions to deliver ambitious results
- It’s the people. Our team is our competitive advantage and we are better together
We are seeking an experienced Sr. Compliance Engineer to join our Governance, Risk, and Compliance (GRC) team. This is an enterprise-focused role responsible for building, implementing, and sustaining the organizational compliance posture across key regulatory and security frameworks—with a primary emphasis on RMF (NIST 800-53 Rev. 5 + Classified Overlays), CMMC Level 3, and NIST 800-171 Rev. 3 with ODP readiness, as well as ongoing compliance operations.
Additionally, this role will focus on Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and cyber regulations.
Unlike a product-centric security engineering role, this position is squarely focused on the people, processes, and controls that define how True Anomaly operates as a compliant organization. You will work across business units to assess control implementation, close compliance gaps, develop and mature policies, and ensure the organization is continuously audit-ready. The ideal candidate brings deep GRC knowledge, strong technical fluency, and the ability to engage credibly with both compliance assessors and internal engineering teams.
Responsibilities:
Compliance Program Execution
- Lead and support compliance assessment readiness across key organizational frameworks including NIST SP 800-171 Rev. 2 and 3, CMMC Level 3, NIST SP 800-53 Rev. 5, and the NIST Cybersecurity Framework (CSF).
- Provide direction on cybersecurity readiness to address EAR and ITAR-related controls and requirements.
- Drive CMMC readiness activities across the organization, including scoping, gap analysis, control implementation validation, evidence collection, and pre-assessment preparation.
- Review, maintain, and mature System Security Plans (SSPs) to accurately reflect organizational control implementations, system boundaries, and operational practices.
- Manage Plans of Actions and Milestones (POA&Ms), tracking open findings to resolution, communicating status to GRC leadership, and coordinating remediation efforts across responsible teams.
- Conduct internal compliance audits and control effectiveness reviews to ensure ongoing adherence to applicable frameworks and to surface emerging gaps before external assessments.
- Maintain audit-ready evidence repositories and documentation packages, ensuring traceability between controls, evidence, and framework requirements.
- Develop, update, and operationalize information security and compliance policies, standards, and procedures aligned to CMMC, NIST, and organizational risk tolerance.
- Translate regulatory and framework requirements into clear, enforceable internal policies and control specifications that business units can understand and implement.
- Drive policy adoption across the organization through communication, training coordination, and ongoing compliance monitoring activities.
- Establish and maintain a policy review and exception management lifecycle, ensuring policies remain current as requirements and organizational practices evolve.
- Develop policies as they may pertain to EAR and/or the ITAR.
- Serve as a primary GRC team resource for compliance questions, control guidance, and framework interpretation across engineering, IT, operations,…