Sr. Security GRC Solutions Architect

About The Position

Requirements

• Bachelor’s degree in Information Systems or a related field required.
• 5+ years of IT audit experience at professional CPA firm, experienced at testing ITGCs for SOX Compliance and/or IT Controls for SOC-1 and SOC-2 compliance or other. OR 8+ years in an IT GRC function, performing and/or implementing ITGCs for SOX Compliance and/or IT Controls for SOC-1 and SOC-2 Compliance.
• Proficiency in Excel (performing data manipulations such as pivots and macros, familiar with special formulas)
• Deep experience with Microsoft Sentinel and writing KQL (Kusto Query Language).
• Proven ability to build Azure Logic Apps or Power Automate workflows.
• Expert-level understanding of the Microsoft E5 Security suite (Entra ID, Purview, Defender for Cloud).
• Proficiency in Microsoft Word and Excel is a must.
• Strong understanding of IT control requirements for IT SOX ITGC and SOC-1 and SOC-2 compliance.
• Excellent technical writing; hands on experience with documenting for audit purposes and procedure writing.
• Negotiation with auditors, issue management, productive and constructive communication with auditors.
• Highly responsive and collaborative. Skilled at conflict resolution.
• Think strategically and solve problems effectively, partner with specialists to design effective, reliable controls, as much as possible. Ability to ask the right questions and understand complex technical topics.
• Ability to prioritize and track multiple projects in parallel.
• Manage the micro projects and push tasks forward assigned to you utilizing Greenbrier tasking tools available
• Proactively communicate task blockers and project issues
• Identify tasks needed, self-prioritize based on goals of the team, and proactively seek information to keep projects moving with ease
• Excellent cross-cultural relationship and trust building, superb communication, and strong organizational skills.

Nice To Haves

• CISA, CISSP, CPA, or other relevant certifications are preferred.
• 1+ years experience performing 3rd Party SOC Report Reviews, or performing SOC examinations and SOC reporting
• Experience performing or facilitating risk management and/or vendor risk assessment processes
• Bilingual in English and Spanish
• Understanding of security frameworks such as NIST CSF, ISO 27001.
• Ability to work on-site at our Lake Oswego, Oregon office; remote work from other locations may be considered based on business needs.

Responsibilities

• Bulk upload SOX/SOC audit requests to centralized tool during interim and roll-forward testing periods. Coordinate auditor access to Greenbrier systems, as needed.
• Monitor audit evidence request tickets in centralized tool to ensure responses to auditors meet agreed upon milestones. Facilitate evidence request issues and coordinate meetings between IT stakeholders and relevant auditors.
• Liaison between control owners and auditors/assessors for the evidence collection process and audit testing follow-ups. Assist Control Owners with evidence requests from auditors. Schedule meetings as needed.
• Facilitate and drive progress on control automation efforts, coordinating with subject matter experts, control owners, and automation teams.
• Ensure control description and design changes and relevant procedure documentation get updated into the GRC tool master control list in a timely manner.
• Work with control owners/performers to perform root cause analyses on control issues and deficiencies, initiate risk-based remediation plans, and follow escalation procedures. May facilitate control remediation execution.
• Support and implement control improvements, automation, and update relevant documentation, at the direction of management
• Using GRC Tool, monitor SOX/SOC controls for adequate completion by Control Owners and performers and secondary reviewers. Create dashboards for monitoring metrics by global region (U.S. vs. Europe)
• Design and track all assigned remediation plans through to timely completion. Provide status updates of remediation plans to key stakeholders within the organization. Document as needed.
• Proactively monitor audit follow-ups to identify potential control issues or failures, and missing or unavailable evidence, and follow internal escalation protocols immediately so GRC can triage.
• Provide audit, control, and evidence guidance to internal security and IT teams; Partner with internal and external stakeholders to assist the IT organization during audits.
• Replace manual spreadsheet tracking by architecting and deploying Sentinel Analytics Rules and KQL queries that monitor controls (e.g., terminated user access, privileged account activity, and unauthorized changes).
• Build and maintain Logic App Playbooks to automatically generate "Auditor-Ready" evidence packs upon control triggers, ensuring data is captured and preserved before log retention periods expire.
• Optimize the integration between our GRC tool (AuditBoard) and our ITSM (ServiceNow) to automate task routing, remediation tracking, and evidence uploads.
• Develop "SLA Breach" logic to detect process lags (e.g., HR termination vs. actual AD disablement) to provide GRC with immediate visibility into control failures before auditors find them.
• Act as the technical bridge between IT Stakeholders and Auditors. Instead of manual follow-ups, you will build AuditBoard dashboards that provide stakeholders with real-time status of their compliance posture.
• Work with control owners to perform root cause analysis on failures. If a control fails, you don't just document it; you help architect the technical fix or automation to prevent recurrence.
• Leverage UpGuard to streamline the assessment of 3rd-party SOC reports and security postures, integrating these findings into our centralized risk register.
• Update and maintain SOX/SOC Control Procedures to reflect automated workflows, ensuring that how we work matches how we are audited

Benefits

• Safety
• Quality
• Respect for People
• Customer Satisfaction