Senior Governance, Risk, and Compliance Engineer

About IonQ:

IonQ, Inc. [NYSE: IONQ] is the world’s leading quantum platform and merchant supplier - delivering integrated quantum solutions across computing, networking, sensing, and security. IonQ’s newest generation of quantum computers, the IonQ Tempo, is the latest in a line of cutting-edge systems that have been helping customers and partners achieve 20x performance results and accelerate innovation in drug discovery, materials science, financial modeling, logistics, cybersecurity, and defense. In 2025, the company achieved 99.99% two-qubit gate fidelity, setting a world record in quantum computing performance.

Headquartered in College Park, Maryland, IonQ has operations in California, Colorado, Massachusetts, Tennessee, Washington, Italy, South Korea, Sweden, Switzerland, Canada, and the United Kingdom.

Location:

This position can work onsite or hybrid from one of our offices or fully remote in the US.

Travel: Up to 10%

The Role:

We are looking for a Senior Governance, Risk, and Compliance (GRC) Engineer to join our Security team. As a Senior GRC Engineer, you’ll be part of a cross-functional team whose mission is to lead IonQ on its journey to build the world’s best quantum computers to solve the world’s most complex problems.

Quantum computing and national security are inseparable. IonQ operates at the intersection of cutting-edge research and the defense industrial base, making rigorous cybersecurity compliance a core business imperative. In this role, you will own and drive IonQ’s Cybersecurity Maturity Model Certification (CMMC) posture across the organization, from architecting compliant environments and leading C3PAO assessments to developing compliance strategy and advising internal teams at every level. The ideal candidate is a self-directed senior practitioner who can architect solutions, lead programs, and serve as the go-to internal expert across engineering, legal, and operations.

In your first 90 days you will conduct a comprehensive gap assessment of our current CMMC posture, map CUI data flows across all environments, and develop a prioritized roadmap for building or maturing our SSP and associated artifacts.

Responsibilities:

• Architect and own end-to-end CMMC implementation and audit readiness, including scoping strategy, control mapping, SSP and POA&M development, evidence collection, and remediation tracking across the organization.
• Interpret and apply DFARS clause requirements, including DFARS 252.204-7012, 252.204-7019, and 252.204-7020, translating contractual obligations into operational controls and owning accurate SPRS submissions.
• Lead recurring internal audits of NIST 800-171 security controls and drive end-to-end preparation for C3PAO assessments, including evidence packages, assessment logistics, and assessor coordination.
• Architect CUI environments to meet CMMC boundary requirements, including network segmentation, access control, media protection, and FIPS-validated encryption; lead evaluation of cloud environments against CMMC scoping guidance.
• Drive implementation of technical controls across NIST 800-171 practice families, including MFA, audit logging, configuration management, incident response, and vulnerability management.