CIGAM Software de Gestão

GRC Engineer

full-time

Location Type: Hybrid

Location: Texas, United States

About the role

  • Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems.
  • Assess control effectiveness against frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies.
  • Develop and maintain detailed risk registers and mitigation plans.
  • Validate logging coverage, access controls, encryption configurations, and identity/security controls across cloud and infrastructure environments.
  • Contribute to the development and maintenance of security policies, technical standards, and architecture principles.
  • Translate compliance requirements into technical control specifications.
  • Support engineering teams in interpreting and implementing controls correctly.
  • Collaborate with internal audit and external auditors to provide evidence and narrative explanations for control effectiveness.
  • Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles.
  • Improve risk assessment methodologies and tooling, including automation where possible.
  • Provide GRC insights into threat modeling, vendor security reviews, and third-party due diligence.
  • Support continuous improvement initiatives across governance, compliance, and risk processes.
  • Review product, application, and cloud infrastructure architectures for security control gaps, misconfigurations, and design risks.
  • Evaluate engineering design documents, data flow diagrams, and deployment patterns to ensure alignment with security best practices (e.g., zero trust, least privilege, secure SDLC).
  • Provide actionable recommendations to engineering teams to address identified risks.
  • Participate in security design reviews for new and evolving technologies.

Requirements

  • 5+ years of experience in GRC, security engineering, architecture review, or related technical security roles.
  • Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls.
  • Hands-on experience reviewing architecture diagrams, data flows, and engineering design patterns.
  • Deep familiarity with security frameworks: NIST CSF, ISO 27001/27002/27017/27018/42001, PCI-DSS, CIS, SOC 2 Trust Services Criteria, and MITRE ATLAS/ATT&CK.
  • Proven ability to conduct comprehensive technical risk assessments.
  • AI/ML architecture and governance experience covering MCP, RAG, and agentic workflows.
  • API integration and orchestration.
  • Coding and scripting capabilities using Python, SQL, Go, and PowerShell.
  • Understanding of CI/CD pipelines, container orchestration (Kubernetes), IAM, network security, and logging pipelines.
  • Excellent communication skills and ability to translate complex technical risks to business stakeholders.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • technical risk assessments
  • cloud security controls
  • architecture review
  • security frameworks
  • API integration
  • scripting (Python, SQL, Go, PowerShell)
  • CI/CD pipelines
  • container orchestration (Kubernetes)
  • logging pipelines
  • data flow diagrams

Soft Skills

  • excellent communication
  • collaboration
  • technical advising
  • translating technical risks
  • continuous improvement