Enterprise GRC Engineer

Deep focus on: Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing , Cloud Security and hybrid environments
Proven experience owning SSP development end to end
Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks
Strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management
Ability to translate technical security issues into compliance aligned remediation actions
Strong stakeholder management skills across security, infrastructure, and application teams
Excellent written and verbal communication skills, particularly for executive stakeholders
Knowledge of NIST 800 53, NIST RMF, and privacy controls
Knowledge of Secure SDLC and DevSecOps practices
Experience operating in multi-vendor, multi-platform environments
Demonstrated ability to reduce repeat audit findings and improve compliance maturity
Experience mentoring or guiding teams on security governance best practices