Senior Security Engineer, GRC

Posted 6 days ago

💎 Seniority level: Senior, 6 to 8 years

📍 Location: United States

🔍 Industry: Software Development

🏢 Company: Docker, 👥 251-500, 💰 $105,000,000 Series C almost 3 years ago, Developer Tools, Developer Platform, Information Technology, Software

🗣️ Languages: English

⏳ Experience: 6 to 8 years

🪄 Skills: AWS, Docker, Project Management, SQL, Cybersecurity, Jira, API testing, Azure, Communication Skills, Analytical Skills, Collaboration, CI/CD, Problem Solving, Agile methodologies, RESTful APIs, Linux, DevOps, Terraform, Written communication, Documentation, Microservices, Compliance, MS Office, Risk Management, Stakeholder management, Scripting, Software Engineering

Requirements:
  • Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance
  • Have familiarity with setting up APIs and Webhooks, at least one scripting language, and at least one public cloud architecture and control tool
  • Experience conducting security compliance reviews and audits for SaaS products and hosted environments including AWS and Azure.
  • Have strong knowledge of information security risk management and information security technologies (e.g., SIEM, vulnerability management, data loss prevention and/or endpoint protection)
  • Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges
  • Strong project management skills with the ability to lead and execute security assessment projects, vendor evaluations and initiatives on time with multiple stakeholders
  • Enjoy fostering collaboration and cross-functional partnerships to help spread awareness and to build and implement cybersecurity controls
  • Have in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, 27701 and 27018
  • Experience with the entire controls monitoring lifecycle, including identifying, assessing, monitoring, and remediating controls.
  • Excellent verbal and written communication skills with the ability to document, communicate, and report security assessments
  • Serve as the subject matter expert and provide technical leadership and feedback for compliance / GRC projects
  • Appropriately handling and managing confidential information including proprietary and trade secret information
  • Stay up-to-date with changes in regulations, standards, and emerging regulatory requirements and ensure compliance
Responsibilities:
  • Lead the development, implementation and maintenance of comprehensive GRC strategies
  • Build automated evidence gathering and continuous control testing through integrations, maturing our governance program.
  • Establish partnerships with internal/external auditors, regulators, and business stakeholders to develop security requirements and controls.
  • Optimize security compliance monitoring and alerting systems; aggregate compliance alerts and advise on system policy violations
  • Perform critical data security reviews over newly released products and features.
  • Ensure controls are operating effectively via assessment and attestation
  • Own the vulnerability management program to identify and provide guidance for improvements
  • Security Metrics - Uses automated and manual processes to produce relevant KPIs about the Information security program
  • Policies and Procedures - Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standards
  • Recertification - Operates periodic processes to ensure hire, transfer, and termination protocols are complied with and regular access reviews are conducted
  • Security Awareness - Builds and maintains company awareness and education progress
  • Risk Assessment - Builds and operates the company platform to document, measure, and report assessments, risks, controls findings, and remediation activity
  • Draft policies and best practices that will be consumed by the entire organization
  • Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, and 27701
  • Evaluate vendors against compliance and security standards