Principal Security Engineer - GRC

GoDaddy

8h•Remote

About The Position

At GoDaddy the future of work looks different for each team. Some teams work in the office full-time, others have a hybrid arrangement (they work remotely some days and in the office some days) and some work entirely remotely. This is a remote position, so you’ll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or meetings. This position is not eligible to be performed in Alaska, Mississippi, North Dakota, or the Virgin Islands. GoDaddy is not currently considering candidates for this role in California, Seattle, or NYC. Join our team Do you want to be an Information Security Leader at GoDaddy? We help solve large-scale and cross-company issues while ensuring that partnership with the development and operational communities remain front of mind. GoDaddy is looking for a Principal Risk Engineer with security risk management experience, technical depth, strong leadership abilities, and experience building and performing information security audits and gap assessments. You must be comfortable communicating with internal teams and external auditors, designing and leading security campaigns, and prioritizing the resolution of audit findings while applying a risk-based approach. As a team, we will help identify any gaps in security control implementation, design solutions to manage security risks at scale, and provide the information needed to make risk-based decisions and planning.

Requirements

10+ years of professional experience in Information Security or related fields such as Information Technology, IT Audit, etc.
6+ years of dynamic experience managing programs related to information security and information security audits
Experience building unified security controls frameworks
Experience managing audits applying compliance frameworks such as PCI DSS, NIST CSF, NIST 800-53, ISO, SOC-2 etc.
Executive reporting on the status of security programs and campaigns
Experience in Security Engineering concepts such as Threat modeling and architecture reviews
Experience with auditing cloud infrastructure such as AWS

Nice To Haves

A bachelor’s degree in computer science or related field
Certifications like PCI ISA, CISA, CRISC, ISO Lead Assessor, CISSP, etc.
Experience working at a Big 4 Audit firm(s)

Responsibilities

Build and manage a Security Controls framework that encompasses the regulatory and industry compliance frameworks we follow
Perform targeted gap assessments to identify any deviations from the control framework
Propose and manage enterprise-wide security campaigns for managing deviations to reduce risk
Partner with other InfoSec teams and Engineering teams to define and prioritize security initiatives and investments guided by risk assessment principles
Align risk management initiatives with applicable compliance regulations