Play a critical role in the technical development, implementation, and maintenance of the GRC platform
Drive integration strategies between GRC platforms and enterprise systems to enable automated data sharing and reporting
Provide expert guidance and leadership on GRC technical matters to senior leadership and business stakeholders
Establish standardized workflows for risk assessments, exception handling, and remediation tracking to ensure consistency and accountability
Develop and implement compliance monitoring and reporting mechanisms in the GRC platform
Perform technical risk assessments as part of security exceptions to identify gaps and engage with the business to understand control environments and mitigation strategies
Oversee issue management processes for audit findings, risk mitigation, and compliance gaps, ensuring timely resolution
Provide expert guidance on GRC architectures and AI-agent development
Participate in the administration of GRC tools and AI-agents

Requirements

Bachelor's degree or equivalent work experience
10+ years of direct experience in information security governance, risk management, compliance and/or security engineering
Deep knowledge of leading practice GRC and compliance frameworks such as NIST 800-53 and CSF, CIS Controls, Cloud Security Alliance (CSA) CCM, etc.
Ability to translate controls into technical system configurations and implement security controls within cloud and on-prem environments
Direct experience in performing technical assessments of cloud environments and application security, within the context of risk management and compliance
Proficiency in scripting languages (Python, PowerShell, Bash) for automation
Strong familiarity with GRC tools (e.g., ServiceNow GRC, Archer, AuditBoard, etc.)
Relevant GRC and compliance certifications including Certified Information Systems Auditor/ Manager (CISA/CISM), CRISC, Cloud security certifications (AWS, Azure, GCP)

Benefits

Medical, dental, vision, health savings account or health reimbursement account
Healthcare spending accounts, dependent care spending accounts, life and AD&D insurance, disability insurance
401(k) with Company match, tuition reimbursement, charitable donation matching
Paid holidays and vacation, paid sick time, floating holidays, compassion and bereavement leaves, parental leave
Mental health & wellbeing programs, fitness programs, free and discounted games, and a variety of other voluntary benefit programs

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

information security governancerisk managementcompliancesecurity engineeringGRC frameworkstechnical assessmentsscripting languagessecurity controlscloud environmentsapplication security

Soft skills

leadershipguidancecommunicationproblem-solvingaccountability

Certifications

Certified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)Certified in Risk and Information Systems Control (CRISC)AWS certificationAzure certificationGCP certification