Job Description

As a Senior Security Engineer - GRC in Governance, Risk, and Compliance (GRC), you will be instrumental in the design, implementation, and enhancement of the risk management and compliance frameworks that protect our organization's digital assets. This role emphasizes strategic risk planning, policy development, and compliance management, with a focus on maintaining a strong risk posture and meeting regulatory requirements.


Key Responsibilities:

  • Conduct security reviews of internal systems and identify areas of improvement
  • Conduct thorough assessments to identify vulnerabilities, ensuring compliance with internal policies and external regulations. Collaborate with internal and external auditors to facilitate audits and manage required remediations.
  • Contribute to the evolution of GRC policies and procedures, ensuring that they support effective risk management and adherence to relevant regulations and standards.
  • Collaborate closely with IT, legal, and cross-functional teams to integrate risk management and compliance measures into business processes, aligning with organizational objectives.
  • Maintain detailed documentation of risk management activities, compliance audits, and GRC policies, ensuring accuracy and transparency to support accountability.
  • Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies.
  • Ensure compliance with relevant information security regulations, standards, and frameworks (e.g., ISO 27001, SOC2, ITGC, NIST, PCI-DSS, CCPA, NYDFS, HIPAA).
  • Conduct regular security compliance assessments and audits.
  • Track and report on compliance gaps and work with relevant teams to address deficiencies.
  • Stay current on emerging security regulations and industry best practices.
  • Develop and deliver information security awareness and training programs to team members at all levels.
  • Support the third-party review of contractual obligations related to information security (e.g., data protection, incident response, audit rights).
  • Work closely with legal, procurement, and business teams to clarify and negotiate contract terms. Document risk findings and compliance gaps identified during the review.

Basic Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or Cybersecurity, or equivalent relevant experience.
  • A minimum of 5 years of experience in risk management, governance, and compliance within an enterprise environment.
  • Working knowledge of risk management frameworks and methodologies (e.g., ISO 31000, NIST Risk Management Framework).
  • Familiarity with GRC tools and platforms.
  • Knowledge of regulatory and compliance requirements (e.g., GDPR, HIPAA, SOX).
  • Ability to work independently, prioritize tasks, and manage multiple deadlines in a fast-paced environment.
  • Strong analytical and problem-solving capabilities.
  • Excellent communication skills with the ability to convey complex risk-related information to stakeholders at various levels.
  • Relevant certifications such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) are preferred.
  • Experience working across departments to implement comprehensive security measures.

Preferred Qualifications:

  • Master’s degree in a related field.
  • 5-7 years of experience in information security risk management or a related field with a focus on governance and compliance.
  • Knowledge of risk assessment methodologies and tools.
  • Proficient in using GRC software/tools (e.g., RSA Archer, MetricStream, ServiceNow GRC).
  • Basic understanding of IT infrastructure, cloud security, and data protection.
  • Attention to detail and ability to identify gaps and recommend practical solutions.
