GRC Engineer

About The Position

Requirements

• Minimum of four (4) years of related experience in security development technologies and practices.
• Professional experience with an architectural understanding of network security and application security.
• Experience with work on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
• Strong knowledge of networking concepts, protocols (TCP/IP, HTTP, DNS, TLS) and technologies including firewalls, TLS, IDS/IPS system, cryptographic systems, identity management systems, RADIUS, etc.
• Experience with programming/scripting (Python/Perl/bash/etc.).
• Strong understanding of networking topologies and protocols.
• Experience working in multiple security domains with a focus on risk-based analysis of anomalies, detection and response.
• Proven experience with work on complex security issues where analysis of situations or data requires an in-depth evaluation of variable factors.
• Undergraduate degree in Computer Science, a related field, or equivalent.

Responsibilities

• Conduct cybersecurity risk assessments, including third-party/vendor risk evaluations (TPRM), with an emphasis on consistency, repeatability, and scalability
• Identify, analyze, and document security risks, threats, and vulnerabilities
• Support the development and maintenance of risk registers and risk treatment plans
• Assist in ensuring compliance with applicable regulations, standards, and frameworks (e.g., NIST CSF, PCI DSS, J-SOX, etc.)
• Contribute to the development, review, and maintenance of information security policies, standards, and procedures
• Support internal and external audits, including evidence collection and remediation tracking
• Monitor and report on compliance posture, control effectiveness, and risk metrics
• Help design, build, and maintain automation and tooling that reduces manual GRC effort and improves reliability
• Apply the most appropriate technical approach—custom scripts, low-code/no-code platforms, workflow automation, or AI-assisted techniques—based on problem complexity and process maturity
• Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud platforms) to support compliance by design
• Contribute to scalable approaches for evidence collection, control testing, risk tracking, and reporting
• Identify opportunities to reduce GRC toil and compliance friction for both the business and the security team
• Treat GRC capabilities as internal products, iteratively improving workflows, usability, and sustainability over time
• Partner with IT, engineering, legal, privacy, and business teams to support effective and practical security control implementation
• Translate regulatory and framework requirements into clear, implementable expectations
• Provide guidance and support to stakeholders to help them meet compliance requirements with minimal disruption
• Maintain awareness of emerging threats, regulatory changes, and industry best practices

Benefits

• potential for a semi-annual discretionary performance bonus
• comprehensive benefits package that includes medical, dental, vision, 401(k), and paid time off
• Relocation assistance may be available.