Senior Security Engineer - GRC

IonQ, Inc. [NYSE: IONQ] is the world’s leading quantum platform and merchant supplier - delivering integrated quantum solutions across computing, networking, sensing, and security. IonQ’s newest generation of quantum computers, the IonQ Tempo, is the latest in a line of cutting-edge systems that have been helping customers and partners including Amazon Web Services, and AstraZeneca achieve 20x performance results and accelerate innovation in drug discovery, materials science, financial modeling, logistics, cybersecurity, and defense. In 2025, the company achieved 99.99% two-qubit gate fidelity, setting a world record in quantum computing performance.

Headquartered in College Park, Maryland, IonQ has operations in California, Colorado, Massachusetts, Tennessee, Washington, Italy, South Korea, Sweden, Switzerland, Canada, and the United Kingdom. Our quantum computing services are available through all major cloud providers, while we also meet the needs of networking and sensing customers across land, sea, air, and space. IonQ is making quantum platforms more accessible and impactful than ever before.  

Quantum computing and security are intimately connected. One day, quantum computers will render RSA trivially crackable; today, protecting our cutting-edge research is essential. As a Security Engineer focused on GRC, you’ll help drive our implementation of security audit programs and risk management frameworks. This is an opportunity to bring your diverse background into the future of computing. We’d love a blend of hands-on experience as well as tactical and strategic direction.

In the first three months, you’ll be helping to ensure that our environments meet audit standards through iterative review and automation so that we can meet advanced requirements in security standards.

• →Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance, mapping controls from standards like SOC 2, PCI, NIST 800-53, NIST 800-171, and CMMC.
• →Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) and managing day-to-day operations like Data Subject Access Requests (DSARs).
• →Design and execute a continuous internal audit program to validate the effectiveness of controls across both quantum R&D and classical infrastructure, leveraging automated evidence collection to ensure year-round audit readiness.
• →Develop and enforce a comprehensive Data Governance framework that defines data ownership, classification, and lifecycle management specifically for sensitive quantum research data and proprietary algorithms.
• →Assess and mitigate risks unique to a quantum computing R&D environment, including intellectual property protection, supply chain security for specialized hardware, and physical security of lab environments.
• →Establish and mature the organization’s AI Governance Framework in alignment with the NIST AI RMF, performing risk assessments and security reviews of new AI tools and platforms.
• →Ensure our cloud environments (e.g., AWS, GCP, Azure) are configured and audited against security benchmarks, driving the creation and management of a formal risk remediation roadmap.
• →Spearhead the automation of GRC processes, building end-to-end compliance workflows in platforms like Jira to reduce manual effort in evidence collection and remediation tracking.
• →Develop and maintain security metrics and dashboards to report on compliance posture, risk levels, and program maturity to leadership.
• →Collaborate with technical and non-technical teams from legal to engineering, including on matters of technology, and prepare teams through training and exercises.

• A Bachelor’s degree in Computer Science or equivalent practical experience.
• Familiarity with infosec frameworks like SOC 2, NIST RMF, and ISO 27001.
• Demonstrated experience with global privacy frameworks (GDPR, CCPA/CPRA) and applying principles like Privacy by Design.
• A technical background in systems administration, software engineering, cloud security, or security engineering.
• Proven experience in security risk management and analysis.
• Prior experience leading a SOC 2 Type II, ISO 27001, CMMC or NIST 800-53 audit from start to finish.
• Hands-on experience with GRC platforms (e.g., Hyperproof, Drata, Anecdotes AI) and security tools like CSPM or vulnerability scanners.
• Experience working in a high-security research, academic, or national laboratory environment.
• Excellent communication skills, empathy for customers, and an excitement to learn and get things done right.

If you are interested in being a part of our team and mission, we encourage you to apply!