Governance Risk & Compliance Engineer

Cerebras Systems | Toronto, ON

About The Position

The Cybersecurity GRC Manager is accountable for maturing and scaling engineering-driven governance, risk, and compliance programs that support the security, privacy, and regulatory-compliant posture of the organization. The ideal candidate will bring a unique blend of deep technical security acumen and GRC expertise, enabling the creation of GRC workflows that are measurable, automated, and resilient. This is a strategic, cross-functional, and customer-facing role reporting to the Director of Governance, Risk, & Compliance. A successful candidate will have a comprehensive understanding of cybersecurity and privacy industry frameworks (e.g., NIST, ISO, SOC 2, CCPA, GDPR, HIPAA). They will be responsible for transforming governance, risk, and compliance practices into proactive, testable capabilities using automation, continuous auditing, and AI-driven solutions. Proficiency with AI tools (LLMs, prompt engineering, generative‑AI workflows) is a core requirement – you’ll use AI to streamline GRC workflow creation and implementation, evidence generation, and security risk mitigation. Experience with designing and implementing autonomous “agentic AI” solutions is preferred.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related engineering field; advanced degree preferred.
  • Minimum 5 years of progressive experience in cybersecurity, security engineering, and/or risk management.
  • Proven success managing compliance programs in cloud-native, SaaS/PaaS environments with high automation maturity.
  • Demonstrated ability to manage customer-facing compliance engagements and audit preparation.
  • Deep knowledge of, and experience working with, industry frameworks (NIST SP 800-53, ISO 27001, SOC 2, CCPA, GDPR, HIPAA).
  • Strong familiarity with AI/ML usage in security programs and risk analysis.
  • Experience implementing and administering GRC tools/platforms.
  • Proficiency in cloud security, AI security, secure development / DevSecOps practices, and infrastructure-as-code (IaC) security tooling.
  • Experience implementing automated compliance and control validation pipelines.
  • Excellent communication, stakeholder management, and executive reporting skills.
  • Ability to influence cross-functional teams and operate in fast-paced, high-growth environments.
  • Strong analytical, critical thinking, and decision-making capabilities.

Responsibilities

  • Drive a compliance operating model that includes automated control testing, self-service reporting, and AI-enhanced risk analysis. Implement continuous control monitoring and evidence collection pipelines integrated into cloud-native and on-prem environments.
  • Partner with engineering and product teams to define and codify security and compliance requirements as part of the SDLC. Introduce automated security/compliance tests into CI/CD pipelines to support shift-left practices.
  • Use generative AI for compliance gap detection, policy mapping, risk triaging, and customer assurance functions.
  • Oversee security and privacy assurance activities and assessments, internal/external audits, and attestation/certification initiatives (e.g., SOC 2, ISO 27001). Lead internal readiness for third-party audits and external assessments and maintain ongoing compliance posture.
  • Utilize automation and GRC platforms to optimize gathering and maintenance of audit readiness documentation and audit evidence.
  • Utilize AI-driven solutions to manage the organization’s responses to customers’ and partners’ cybersecurity requests (e.g. information security questionnaires).
  • Enhance and execute third-party security risk management practices, including inherent / residual security risk assessment, vendor / supplier security due diligence reviews, vendor / supplier inventory management, ongoing security monitoring, and risk reporting.
  • Build and maintain enterprise-level risk registers; facilitate and monitor security risk acceptance processes; design and maintain security risk measurement and monitoring including risk reporting.
  • Grow and expand cybersecurity guidance through development and maintenance of cybersecurity policies, standards, and procedures.
  • Manage security awareness programs through administration of regular security trainings, phishing simulations, and corporate communications.