GRC Engineer

Our client is a disruptor in the cloud computing space. Their innovative technology is used to support atmospheric imagery and analytics. They are hiring a GRC Engineer to support their security risk management program.

The GRC Engineer will be responsible for developing and implementing information security processes and controls, while ensuring regulatory compliance. This individual will work tactically with both internal and external stakeholders to ensure governance risk and compliance initiatives align with the overall business goals of the company.

This Role Offers:

• Exceptional compensation and benefits offerings with medical/dental/vision, disability, and life insurance; 401(K); unlimited PTO; equity opportunities; and more.
• Work alongside a team of strong cloud professionals looking to transform the capabilities of the data intelligence industry.
• Culture of integrity, high performance, and innovative ideas.
• Company that invests in their employee’s careers by giving them ample opportunity for growth.
• Close-knit, family-oriented company – they celebrate their wins and accomplishments together as a team.

Focus:

• Responsible for the strategy, design, implementation, and management of the information security program.
• Oversee IT risk analysis, security audits, and regulatory activities, acting as SME on governance risk and compliance.
• Review and evaluate security risks and provide opportunities to improve security implementation and automation.
• Develop and maintain security risk management processes and standards.
• Align IT standards, frameworks, and security with overall business and technology strategy.
• Research, evaluate, and implement new GRC tools.
• Install, monitor, and maintain security controls. Review from time to time and provide recommendations for effectiveness.
• Spearhead IT process development and identify opportunities for controls improvements.
• Stay up to date on relevant IT security frameworks, including NIST and SOC2.
• Ensure best practices and compliance with all state, federal, and regulatory requirements.

Skill Set:

• 5+ years of GRC or cybersecurity engineering experience.
• Bachelor’s degree in Computer Science, Information Systems Management, or other technical field required.
• DoD background preferred. Security clearance a plus.
• Hands-on experience in information security auditing, security control development, and risk analysis concepts. Knowledge of applicable frameworks (NIST, SOC2, ISO 27001) required.
• Knowledge of regulatory standards and best practices for security.
• Prior experience managing risk assessment activities.
• Comfortable creating and leading presentations to all levels of leadership. Must be able to deliver technical solutions to non-technical audiences.
• Ability to see big picture goals and create actionable roadmaps for security programs, technology, and business initiatives to get there.