Senior Security Engineer - GRC

About The Position

Requirements

• A Bachelor’s degree in Computer Science or equivalent practical experience.
• Familiarity with infosec frameworks like SOC 2, NIST RMF, and ISO 27001.
• Demonstrated experience with global privacy frameworks (GDPR, CCPA/CPRA) and applying principles like Privacy by Design.
• A technical background in systems administration, software engineering, cloud security, or security engineering.
• Proven experience in security risk management and analysis.
• Prior experience leading a SOC 2 Type II, ISO 27001, CMMC or NIST 800-53 audit from start to finish.
• Hands-on experience with GRC platforms (e.g., Hyperproof, Drata, Anecdotes AI) and security tools like CSPM or vulnerability scanners.
• Experience working in a high-security research, academic, or national laboratory environment.
• Excellent communication skills, empathy for customers, and an excitement to learn and get things done right.

Responsibilities

• Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance, mapping controls from standards like SOC 2, PCI, NIST 800-53, NIST 800-171, and CMMC.
• Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) and managing day-to-day operations like Data Subject Access Requests (DSARs).
• Design and execute a continuous internal audit program to validate the effectiveness of controls across both quantum R&D and classical infrastructure, leveraging automated evidence collection to ensure year-round audit readiness.
• Develop and enforce a comprehensive Data Governance framework that defines data ownership, classification, and lifecycle management specifically for sensitive quantum research data and proprietary algorithms.
• Assess and mitigate risks unique to a quantum computing R&D environment, including intellectual property protection, supply chain security for specialized hardware, and physical security of lab environments.
• Establish and mature the organization’s AI Governance Framework in alignment with the NIST AI RMF, performing risk assessments and security reviews of new AI tools and platforms.
• Ensure our cloud environments (e.g., AWS, GCP, Azure) are configured and audited against security benchmarks, driving the creation and management of a formal risk remediation roadmap.
• Spearhead the automation of GRC processes, building end-to-end compliance workflows in platforms like Jira to reduce manual effort in evidence collection and remediation tracking.
• Develop and maintain security metrics and dashboards to report on compliance posture, risk levels, and program maturity to leadership.
• Collaborate with technical and non-technical teams from legal to engineering, including on matters of technology, and prepare teams through training and exercises.

Benefits

• comprehensive medical, dental, and vision plans
• matching 401K
• unlimited PTO and paid holidays
• parental/adoption leave
• legal insurance
• a home technology stipend