Information Security GRC Analyst 3

Date: Jul 9, 2026

Location: Centennial, CO, US, 80112 Decatur, AL, US, 35601 Vandenberg AFB, CA, US, 93437 Cape Canaveral, FL, US, 32925

Company: United Launch Alliance

Requisition ID: 1839

Standard Weekly Hours: 40.00 

Location: ULA - Denver, ULA - Cape Canaveral, ULA - Decatur, ULA - Vandenberg AFB 

Relocation: Yes- Relocation may be available 

Travel Requirements: 10% 

 

At ULA, success comes through the efforts of a strong, united team.

 

Thanks for your interest in United Launch Alliance, the world's most experienced and reliable space launch company! Successfully launching more than 155 consecutive missions with 100% mission success doesn't happen by accident. It's a testament to the commitment and dedication of our team of rocket scientists and support employees combined with the systems and processes we use to pull them together. As a ULA employee, you'll have the opportunity to grow in your career while working in a team-oriented culture that combines technology, innovation, ingenuity and a commitment to the extraordinary. Whether you are in college just launching your career, or, have experience and want to come work with the best rocket team in the world, our unshakable unity yields stronger solutions and better results as we carry out our mission to save lives, explore the universe, and connect the world. Our team is excited to meet you!

Job Overview & Responsibilities

  

At ULA, Information Security GRC Analyst 3 plays a critical role in supporting cybersecurity, assurance, and compliance activities for mission‑focused Aerospace and Defense programs. This role ensures the organization maintains compliance with multiple U.S. government and commercial cybersecurity frameworks—such as CNSSI 1253, NIST SP 800‑171, NIST SP 800‑172, and ISO/IEC 27001:2022—while enabling secure, resilient, and efficient operations across unclassified environments.

This mid‑career position is ideal for an analytical, detail‑oriented professional with a solid grounding in risk management, cybersecurity controls, and compliance operations who is ready to take ownership of significant program responsibilities.

Key Responsibilities

  • Support governance, risk, and compliance activities across unclassified A&D programs.
  • Translate framework requirements (CNSSI 1253, NIST 800‑171/172, ISO 27001:2022) into actionable technical and procedural controls.
  • Assist with developing, maintaining, and improving System Security Plans (SSPs), POA&Ms, risk registers, and related artifacts.
  • Participate in system categorization, control inheritance, and continuous monitoring activities for information systems and enclaves.
  • Conduct risk assessments, document findings, and work with engineering and operations teams to define mitigation strategies.
  • Support internal and external audits, customer assessments, and inspection readiness activities.
  • Contribute to policy and procedure development and ensure alignment to regulatory, contractual, and corporate requirements.
  • Monitor changes in U.S. government cybersecurity policy, DoD directives, and commercial standards; assess impact to internal environments.
  • Assist with incident response processes from a compliance and documentation perspective.
  • Provide GRC guidance to project teams and stakeholders while maintaining a strong customer‑service orientation.

 

Required Education

Bachelor

 

Required Years of Experience

Minimum of 4 years of related work experience

 

Basic Qualifications

  • Bachelor's degree in a STEM (Science, Technology, Engineering, Mathematics) field from an accredited college or university
    • Four years of directly related exempt work experience may be used to satisfy the bachelor’s degree requirement 
  • Working knowledge of at least two of the following frameworks: CNSSI 1253, NIST SP 800‑53, NIST SP 800‑171/172, ISO/IEC 27001:2022 
  • Experience supporting compliance in regulated or defense‑aligned environments (DoD, IC, A&D contractors, or similar)
  • Strong analytical, documentation, and communication skills

 

Preferred Qualifications

  • Experience with Risk Management Framework (RMF) authorization packages or audits
  • Understanding of Zero Trust principles and enhanced cybersecurity requirements under 800‑172
  • Professional certifications such as Security+, CySA+, CISM, CISSP, CCP, or CCA preferred
  • Experience working with cross‑functional engineering, IT, and programming teams in high‑security environments
  • Prior experience with DFARS/CMMC compliance preferred

Summary Salary Range (for ULA - Denver, ULA - Cape Canaveral, ULA - Decatur, ULA - Vandenberg AFB only):  $104,087.00 - $173,479.00 

 

Please note that the salary information shown above is a general guideline only. Salaries are based upon a candidate's experience and qualifications, as well as internal equity, market and business considerations. Employees may be eligible for a discretionary annual bonus in addition to base pay. 

 

What makes ULA different?

Because we understand launch success comes through the collective efforts of a team, we seek the best to join us. We value ethics, ingenuity, engagement and professional development for employees at all levels.

 

We offer our employees competitive pay and benefits including:

  • 401(k) match plus an additional employer contribution
  • Discretionary annual incentive bonus for eligible employees
  • Generous paid time off
  • Flexible work environments

 

Additionally, most salaried ULA team members work a "9/80 schedule," meaning they enjoy every other Friday off.

 

Benefits and work schedules may vary for union-represented hourly positions and are described in the applicable collective bargaining agreement.

 

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

 

Security Clearance / International Traffic In Arms Regulations (ITAR). This position requires use of information which is subject to the International Traffic In Arms Regulations (ITAR). Therefore, all applicants must be U.S. Persons as defined in ITAR 22 CFR 120.62 (e.g., U.S. Citizen, Lawful Permanent Resident (Green Card holder) or protected individual. See 8 U.S.C. 1101(a)(20) and 8 U.S.C. 1324b(a)(3) for additional information).

 

ULA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment.

 

ULA is a participant in the federal E-Verify Program. Posters in PDF format pertaining to this program can be accessed by clicking on the links identified below. E-Verify Participation poster (English / Spanish) and Right to Work Poster (English / Spanish).

 

Colorado Equal Pay for Equal Work Act requires covered employees to follow a post selection notification process. A hired candidate may opt out of this process by notifying the hiring manager in writing at the time the offer is accepted


Nearest Major Market: Denver