Principal Cyber-Security Engineer - GRC and AI - Governance, Risk, and Compliance (GRC)

About The Position

Requirements

• Extensive experience in Cyber Security, with in-depth experience focused on GRC.
• Demonstrated experience designing, implementing, or operationalizing AI/ML solutions within a cyber security or GRC context.
• Deep knowledge of GRC industry frameworks and standards, including PCI DSS, SOC 2, ISO 27001, ISO 42001, CSA, NIST CSF, and the NIST AI Risk Management Framework.
• Experience with AI governance frameworks and emerging regulations, including the EU AI Act and NIST AI 600-1 (Generative AI).
• Experience using or evaluating GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust) and integrating AI/automation capabilities into these tools.
• Proficiency in data analysis, scripting, or programming (e.g., Python) to support automation and AI integration efforts.
• Experience with large language models (LLMs), prompt engineering, or AI-assisted tools applied to compliance, risk, or audit workflows is highly desirable.
• Ability to translate complex technical and AI concepts into clear business language for executive and non-technical audiences.
• Proven ability to lead cross-functional initiatives, manage multiple high-priority projects concurrently, and deliver results in a fast-paced, evolving environment.
• Excellent written and verbal communication skills, with demonstrated ability to build trust and productive relationships across business functions and with external partners.

Nice To Haves

• Desired certifications: CISSP, CISA, CISM, CRISC; AI-related certifications (e.g., AWS/Azure/GCP AI certifications, AIGP) are a strong plus.

Responsibilities

• Architect and lead the implementation of AI-powered solutions to automate GRC workflows, including risk assessments, control monitoring, evidence collection, and policy management.
• Serve as the technical voice for AI adoption within the Cyber Security GRC program, defining strategy and roadmap for integrating AI/ML tools across compliance, risk management, and audit functions.
• Lead and coordinate complex, high-visibility audit engagements, ensuring stakeholder readiness and timely remediation of findings — leveraging AI tools to streamline evidence gathering and reporting.
• Drive the development of intelligent dashboards, risk signal automation, and natural language processing (NLP) tools to improve GRC transparency and decision-making for leadership.
• Identify opportunities to reduce manual, repetitive GRC processes through automation and AI augmentation, and champion the adoption of these improvements across the team.
• Partner with Engineering, Product, Legal, and Compliance teams to evaluate AI risk, including the governance of AI/ML models used within FICO products, ensuring alignment with applicable regulations and internal policies.
• Respond to and lead the resolution of complex governance, risk, and compliance inquiries from internal and external stakeholders, including customers and regulators.
• Develop and maintain GRC frameworks and standards aligned to PCI DSS, SOC 2, ISO 27001, ISO 42001, NIST CSF, NIST AI RMF, and emerging AI-specific regulatory requirements (e.g., EU AI Act, NIST AI 600-1).
• Mentor and coach junior and mid-level GRC team members on AI tools, automation techniques, and program best practices to accelerate team capability maturity.
• Act as a subject matter expert and thought leader, representing the GRC team in cross-functional AI governance discussions, customer calls, and industry forums.
• Assist Corporate Compliance and business units with compliance and security-related documentation, and provide expert guidance on GRC matters across the organization.

Benefits

• Highly competitive compensation and rewards.
• Flexible work options
• Opportunities to give back to your community
• Social events with colleagues
• Comprehensive benefits program inclusive of progressive parental leave.