• Provides effective network security implementation and consulting services for multiple unique customers and environments • Implement and manage SASE technologies from ZScaler and potentially other vendors like Netskope or Palo Alto • Implement and manage firewall platforms from Palo Alto, Fortigate, Check Point or Cisco • Develop high-level network security documentation including as-builts, recommendations, implementation guides, network diagrams

About IonQ: IonQ, Inc. [NYSE: IONQ] is the world’s leading quantum company delivering solutions to solve the world’s most complex problems. IonQ’s newest generation quantum computers, IonQ Tempo and IonQ Forte Enterprise, are the latest in cutting-edge systems that have been helping customers and partners such as Amazon Web Services, AstraZeneca, and NVIDIA achieve 20x performance results. The company achieved 99.99% two-qubit gate fidelity, setting a world record in quantum computing performance in 2025. The company is accelerating its technology roadmap and intends to deliver the world’s most powerful quantum computers with 2 million qubits by 2030 to accelerate innovation in drug discovery, materials science, financial modeling, logistics, cybersecurity, and defense. IonQ’s advancements in quantum networking position the company as a leader in building the quantum internet. Location: This position can work onsite or hybrid from one of our offices (College Park, MD, Bothell, WA) or fully remote in the US. Travel: Minimal, less than 10% Job ID: 1456 The Role: Quantum computing and security are intimately connected. One day, quantum computers will render RSA trivially crackable; today, protecting our cutting-edge research is essential. As a Security Engineer focused on GRC, you’ll help drive our implementation of security audit programs and risk management frameworks. This is an opportunity to bring your diverse background into the future of computing. We’d love a blend of hands-on experience as well as tactical and strategic direction. In the first three months, you’ll be helping to ensure that our environments meet audit standards through iterative review and automation so that we can meet advanced requirements in security standards. Responsibilities: - Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance, mapping controls from standards like SOC 2, PCI, NIST 800-53, NIST 800-171, and CMMC. - Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) and managing day-to-day operations like Data Subject Access Requests (DSARs). - Design and execute a continuous internal audit program to validate the effectiveness of controls across both quantum R&D and classical infrastructure, leveraging automated evidence collection to ensure year-round audit readiness. - Develop and enforce a comprehensive Data Governance framework that defines data ownership, classification, and lifecycle management specifically for sensitive quantum research data and proprietary algorithms. - Assess and mitigate risks unique to a quantum computing R&D environment, including intellectual property protection, supply chain security for specialized hardware, and physical security of lab environments. - Establish and mature the organization’s AI Governance Framework in alignment with the NIST AI RMF, performing risk assessments and security reviews of new AI tools and platforms. - Ensure our cloud environments (e.g., AWS, GCP, Azure) are configured and audited against security benchmarks, driving the creation and management of a formal risk remediation roadmap. - Spearhead the automation of GRC processes, building end-to-end compliance workflows in platforms like Jira to reduce manual effort in evidence collection and remediation tracking. - Develop and maintain security metrics and dashboards to report on compliance posture, risk levels, and program maturity to leadership. - Collaborate with technical and non-technical teams from legal to engineering, including on matters of technology, and prepare teams through training and exercises. Requirements: - A Bachelor’s degree in Computer Science or equivalent practical experience. - Familiarity with infosec frameworks like SOC 2, NIST RMF, and ISO 27001. - Demonstrated experience with global privacy frameworks (GDPR, CCPA/CPRA) and applying principles like Privacy by Design. - A technical background in systems administration, software engineering, cloud security, or security engineering. - Proven experience in security risk management and analysis. - Prior experience leading a SOC 2 Type II, ISO 27001, CMMC or NIST 800-53 audit from start to finish. - Hands-on experience with GRC platforms (e.g., Hyperproof, Drata, Anecdotes AI) and security tools like CSPM or vulnerability scanners. - Experience working in a high-security research, academic, or national laboratory environment. - Excellent communication skills, empathy for customers, and an excitement to learn and get things done right. The approximate base salary range for this position is $83,430 - $109,232. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site. Compensation will vary based on individual factors such as education, qualifications, and experience of the final candidate(s), specific office location, and calibration against relevant market data and internal team equity. Posted base salary figures are subject to change as new market data becomes available. Our benefits include comprehensive medical, dental, and vision plans, matching 401K, unlimited PTO and paid holidays, parental/adoption leave, legal insurance, and a home technology stipend. Details of participation in these benefit plans will be provided when a candidate receives an offer of employment. IonQ's HQ is located in College Park, Maryland, just outside of Washington DC. We are actively building out our recently opened manufacturing and production facility in Bothell, WA (near Seattle). Depending on the position, you may be required to be near one of our offices in College Park, Seattle, Toronto, Canada, and Basel, Switzerland. However, IonQ will expand into additional domestic and international geographies, so don’t let this stop you from applying! At IonQ, we believe in fair treatment, access, opportunity, and advancement for all while striving to identify and eliminate barriers. We empower employees to thrive by fostering a culture of autonomy, productivity, and respect. We are dedicated to creating an environment where individuals can feel welcomed, respected, supported, and valued. We are committed to equity and justice. We welcome different voices and viewpoints and do not discriminate on the basis of race, religion, ancestry, physical and/or mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, transgender status, age, sexual orientation, military or veteran status, or any other basis protected by law. We are proud to be an Equal Employment Opportunity employer. US Technical Jobs. The position you are applying for will require access to technology that is subject to U.S. export control and government contract restrictions. Employment with IonQ is contingent on either verifying “U.S. Person” (e.g., U.S. citizen, U.S. national, U.S. permanent resident, or lawfully admitted into the U.S. as a refugee or granted asylum) status for export controls and government contracts work, obtaining any necessary license, and/or confirming the availability of a license exception under U.S. export controls. Please note that in the absence of confirming you are a U.S. Person for export control and government contracts work purposes, IonQ may choose not to apply for a license or decline to use a license exception (if available) for you to access export-controlled technology that may require authorization, and similarly, you may not qualify for government contracts work that requires U.S. Persons, and IonQ may decline to proceed with your application on those bases alone. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law. US Non-Technical Jobs. Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law. If you are interested in being a part of our team and mission, we encourage you to apply!

• Orchestrate the end-to-end lifecycle of security incidents, from initial detection and triage through to final remediation and recovery. • Act as the primary communication bridge between technical responders and executive leadership, translating complex technical data into clear, actionable updates. • Optimize scalable response playbooks to standardize how the organization handles evolving threats and modern attack vectors. • Lead post-mortem retrospectives to identify systemic gaps and drive the implementation of long-term preventative measures into the engineering backlog. • Drive the program lifecycle for technical security initiatives, managing everything from initial requirements gathering to deployment and post-launch support. • Translate business needs into crisp technical requirements that engineering teams can execute against effectively. • Partner with Security Leadership to ensure initiatives are delivered on time, within scope, and meet our rigorous internal quality standards. • Identify and mitigate trade-offs, managing technical debt and ensuring that our security solutions are built for long-term scalability.

• Oversee the internal cybersecurity program, road map, and strategy, which includes developing and implementing procedures and policies designed to protect Waymark communications, systems, and assets from internal and external threats and that safeguards health information. • Oversee and manage Waymark’s MSSP and outsourced IT vendor, including responsibility for security and IT budgets, and IT tools used by Waymark. • Partner with Product, Engineering, Legal, and Compliance leadership to determine risks and deploy risk management processes, supporting Waymark’s secure software development lifecycle and ensuring that our internally developed products and services meet the expectations of our patients, customers and regulators • Own, define and oversee the necessary security operational functions such as Identity Management, Vulnerability Management, Incident Response, Security Awareness, and Vendor Risk Management • Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule, working closely with the legal team to document, review, maintain, and implement standards, policies, and procedures within security disciplines. • Lead the strategy, implementation, and maintenance of industry-standard security certifications, including SOC2 Type II. • Conduct research, analysis, and correlation across a wide variety of source data to identify and prevent compromise of our networks, host systems, and data. • Track and report on network security to the Waymark executive leadership team