Principal Security Engineer - InfoSec GRC
This is a remote position, so you’ll be working remotely from your home. This position is not eligible to be performed in Alaska, Mississippi, North Dakota, or the Virgin Islands. GoDaddy is not currently considering candidates for this role in California, Seattle, or NYC.
Full-Time, Principal
Salary: 140,000 - 273,000 USD per year
Job Details
- Experience: 10+ years of professional experience in information security, information technology, information technology audit, or related fields; 6+ years of professional experience managing information security programs, audits, or formal assessment activities.
- Required Skills: AWS
Requirements
- 10+ years of professional experience in information security, information technology, information technology audit, or related fields
- 6+ years of professional experience managing information security programs, audits, or formal assessment activities
- Experience building unified security controls frameworks across multiple compliance and regulatory standards
- Experience managing or performing audits using frameworks such as PCI DSS, NIST Cybersecurity Framework, NIST SP 800-53, ISO 27001, and SOC 2
- Experience assessing cloud environments such as AWS
- Experience applying core security engineering concepts such as threat modeling, architecture reviews, access management, and encryption
- Experience presenting audit results, risk posture, and remediation priorities to executive stakeholders
- Experience in automating, scripting, or designing automated compliance systems
Responsibilities
- Support a team of GRC compliance specialists in helping to build and manage a unified security controls framework that supports regulatory and industry compliance requirements
- Perform targeted gap assessments across business units to support new regulatory frameworks
- Partner with engineering, product, legal, and other security teams to identify control gaps, evaluate compensating controls, and reduce risk
- Support internal and external audits across frameworks such as PCI DSS, SOC 2, ISO 27001, and other applicable regulations
- Develop reporting and present security risks, audit status, and remediation priorities to senior leadership
- Drive scalable risk-based processes for exception management, risk acceptance workflows, and broader governance initiatives
- Remove roadblocks across the team in addition to providing training and mentoring support