Principal Security Engineer – GRC Team Lead

New
S
SmartsheetSaaS / Security
Teleworking options from any registered location in the U.S.Full-TimePrincipal
Salary$205,000 — $275,000 USD
Apply NowOpens the employer's application page

Job Details

Experience
10+ years of experience in GRC, compliance, security engineering, or related roles, with 5+ years in a technical or leadership capacity.
Required Skills
AWSPythonBashTerraformCloudFormation

Requirements

  • 10+ years of experience in GRC, compliance, security engineering, or related roles.
  • 5+ years in a technical or leadership capacity managing compliance programs at scale.
  • Degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent practical experience.
  • Expertise in running audit cycles including SOC 2 Type II, ISO 27001, and FedRAMP.
  • Strong understanding of cloud architecture (AWS, GCP, or Azure).
  • Hands-on experience with Infrastructure-as-Code (Terraform) and CI/CD pipelines.
  • Proficiency with GRC platform administration such as Vanta, Drata, or ServiceNow GRC.
  • Experience implementing policy-as-code and automated compliance validation.
  • Strong knowledge of NIST 800-53, NIST 800-171, HIPAA, and GDPR.
  • Proficiency in Python or Bash for automation and data pipeline development.
  • Excellent communication skills for translating technical compliance to business stakeholders.

Responsibilities

  • Own the end-to-end GRC strategy and roadmap, driving compliance maturity and operational efficiency.
  • Design and implement policy-as-code systems using Infrastructure-as-Code tools like Terraform and CloudFormation.
  • Build custom control frameworks (UCF, SCF) aligned with cloud architecture and organizational risk appetite.
  • Lead full audit cycles for SOC 2 Type II, ISO 27001, FedRAMP, and other certifications.
  • Architect GRC platform strategy and integrate tooling with cloud, identity, and CI/CD infrastructure.
  • Design automated data pipelines for evidence collection from AWS and internal operational tools.
  • Establish risk management processes including risk registers and control effectiveness assessments.
  • Mentor and lead the GRC team, establishing operational practices and compliance execution playbooks.
View Full Description & ApplyYou'll be redirected to the employer's site
$205,000 — $275,000 USD
Apply Now