GRC Engineer

Seiso•Pittsburgh, PA

1d•Remote

About The Position

Seiso provides Security Simplified, offering frictionless, agile security programs tailored to match the speed and demands of modern pipelines. The company focuses on maximizing security with simplicity to provide information security solutions that are easy to understand and use. Seiso has a strong reputation for building highly customized information security systems for various sectors and has been recognized for its excellence by industry awards. Join us in helping our customers establish a security program that operates in all the right ways and fosters a continuous improvement mentality. Who We Are: Seiso’s culture can be summarized through our Core Values. Seiso: Exemplify our name by designing neat, clean, and organized solutions both internally and for our clients. Curiosity: Ask questions, think deeply and critically, consistently learn from and teach others, regularly improve and grow. Balance: Seek to demonstrate continual improvement with a reasonable, risk-based approach. Initiative: Demonstrate a true passion for building something great (sometimes from nothing) and willing to push to achieve success. The Position: We’re looking for a GRC Engineer focused on expanding their knowledge in the GRC practice, who has a passion for Security and is seeking the opportunity to work with some of the most technologically diverse clients in the U.S. This is a full-time remote role for a GRC Engineer at Seiso. The GRC Engineer will be responsible for day-to-day tasks related to governance, risk management, and compliance (GRC) activities. This includes assessing security risks, developing risk management strategies, ensuring compliance with regulations, and implementing security measures to protect company assets for our customers. The Location: This is a remote-first position servicing clients across the United States. Who Are You? You are a driven individual and prefer a people-focused, team-based environment that thrives on continuous development, continuous improvement, and constant communication. Your ideal organization allows for a remote-first workforce, as well as in-person activities for project focus work and team-building opportunities. You seek to be challenged in the Information Security field through direct community involvement, skills and capabilities improvement, and a proactive approach to security consultation. You are passionate about protecting the modern digital landscape being utilized in some of the highest risk environments, and ultimately, the people and data relying on the secure operation of technology.

Requirements

Experience in Governance, Risk, and Compliance with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack.
Experience with common security frameworks and regulations such as ISO 27001/2, SOC2, HIPAA / HITECH, SOX, PCI-DSS, GDPR, NIST 800 series, ITIL, and CMMC.
Familiarity with risk assessments, managing third-party risk, and risk management programs.
Ability to write clear and concise information security policies, standards, and processes.
Experience with GRC tools and tracking mechanisms and assist in implementing process automation solutions in a client-facing environment
Applicant must have the ability to work with computers for extended periods of time.
Must be authorized to work in the United States.

Responsibilities

Advise others of information security concepts using presentations, reports, examples, and visualizations.
Provide support for other Engineers during assessments of client environments against industry standard frameworks to identify client’s current state of program maturity and identify applicable risks.
Create, develop, mature, and contribute to Seiso’s catalog of GRC services through product ownership and idea generation based on organizational goals.
Work with clients to identify and document their desired maturity state and risk-balanced state and develop a gap assessment and roadmap to guide the process of maturing towards their desired state.
Advise client’s teams at all levels from the C-Suite to individual contributors regarding information security governance through mediums such as presentations, reports, and visualizations.
Contribute to the development of best practice frameworks suitable for use during assessments and improvement planning, and integration with assessment toolsets.