Senior GRC Engineer

No longer accepting applications

Posted on: Apr 28, 2026

Job Summary:


We are seeking a knowledgeable and detail-oriented GRC Engineer to join our team. The ideal candidate will be responsible for developing, implementing, and managing governance, risk, and compliance programs to ensure the organization adheres to regulatory requirements and industry standards.


Key Responsibilities:


  • Governance: Develop and maintain governance frameworks, policies, and procedures to ensure compliance with regulatory requirements and industry standards.
  • Risk Management: Identify, assess, and manage risks to the organization’s information assets. Develop risk mitigation strategies and monitor their effectiveness.
  • Compliance: Ensure compliance with relevant laws, regulations, and standards (e.g., ISO 27001, NIST, COBIT). Conduct regular audits and assessments to verify compliance.
  • Security Design: Proven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes.
  • Threat Modeling: Utilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies.
  • Policy Development: Create and update security policies, standards, and guidelines. Ensure policies are communicated and enforced across the organization.
  • Training and Awareness: Develop and deliver training programs to raise awareness of governance, risk, and compliance issues among employees.
  • Incident Management: Assist in the investigation and resolution of security incidents. Ensure incidents are documented and reported in accordance with regulatory requirements.
  • Reporting: Prepare and present reports on governance, risk, and compliance activities to management and stakeholders.
  • Continuous Improvement: Stay updated with the latest regulatory changes, industry trends, and best practices. Continuously improve GRC processes and frameworks.



Qualifications:


  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 3+ years of experience in governance, risk, and compliance roles.
  • Relevant certifications such as CISA, CRISC, CISSP, or equivalent are preferred.
  • Strong understanding of governance, risk, and compliance frameworks and standards (e.g., ISO 27001, NIST, PCI-DSS, COBIT).
  • Experience with risk assessment and management methodologies.
  • Proficiency with GRC tools and software.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Attention to detail and ability to manage multiple tasks simultaneously.

