Principal Security Engineer - GRC
About The Position
The Governance, Risk, and Compliance team helps GoDaddy identify, assess, and address security risk across the business. We lead regulatory and compliance audits, manage risk acceptances and exception workflows, support third-party risk activities, and define security standards and policies that guide teams across the company. This role is a strong fit for someone who wants to build a durable audit and controls program from the ground up, influence security strategy, and work directly with senior leaders on risk-based decision-making. The ideal candidate will gain the opportunity to shape a long-term security governance initiative, partner broadly across engineering and security teams, and drive meaningful improvements in how GoDaddy manages risk and audit readiness.
Requirements
- 10+ years of professional experience in information security, information technology, information technology audit, or related fields
- 6+ years of professional experience managing information security programs, audits, or formal assessment activities
- Experience building unified security controls frameworks across multiple compliance and regulatory standards
- Experience managing or performing audits using frameworks such as PCI DSS, NIST Cybersecurity Framework, NIST SP 800-53, ISO 27001, and SOC 2
- Experience assessing cloud environments such as AWS and applying core security engineering concepts such as threat modeling, architecture reviews, access management, and encryption
- Experience presenting audit results, risk posture, and remediation priorities to executive stakeholders
Nice To Haves
- Certifications like PCI ISA, CISA, CRISC, ISO Lead Assessor, CISSP, etc.
- Experience working at a Big 4 Audit firm(s)
Responsibilities
- Build and manage a unified security controls framework that supports regulatory and industry compliance requirements
- Perform targeted gap assessments across business units, with an initial focus on hosting environments and audit readiness
- Partner with engineering, product, legal, and other security teams to identify control gaps, evaluate compensating controls, and reduce risk
- Support internal and external audits across frameworks such as PCI DSS, SOC 2, ISO 27001, and other applicable regulations
- Develop reporting and present security risks, audit status, and remediation priorities to senior leadership, including the Chief Information Security Officer
- Drive scalable risk-based processes for exception management, risk acceptance workflows, and broader governance initiatives
Benefits
- competitive pay
- generous time off
- parental and wellness leave
- healthcare
- retirement savings program
- medical, dental, and vision insurance
- 401(k)-retirement plan
- paid sick time
- paid flexible time off
- paid parental leave
- life insurance
- short- and long-term disability
- AD&D insurance
- mental health or EAP programs
- remote or hybrid work options
- paid holidays
- paid Wellness days
- tuition assistance
- adoption, surrogacy, and fertility benefits
- dependent daycare and backup care benefits
- Employee stock purchase plan
- financial education and advice
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
Education Level
No Education Listed
