Governance, Risk and Compliance Engineer

Job Description

A Governance, Risk and Compliance Engineer job in Blue Ash, Ohio is currently available at Belcan. To be considered for this role, you will have a minimum of four years of relevant experience.

Belcan's Governance, Risk and Compliance (GRC) team ensures compliance with regulatory and contractual requirements. The GRC Engineer supports the implementation and validation of security and compliance controls, manages risk assessments, and maintains audit-ready evidence, aligning to frameworks such as NIST SP 800-171 and CMMC Level 2. This role works with technology teams and business stakeholders to monitor compliance, address gaps, and improve processes that reduce risk and maintain certification readiness.

Job Duties:

* Support implementation and validation of the accuracy and completeness of security and compliance controls aligned to NIST SP 800-171 and CMMC Level 2, ensuring evidence is adequate, sufficient, and audit-ready.
* Collaborate with service owners to conduct risk assessments, including documenting findings, residual risk, and mitigation plans, and track remediation progress through closure in the risk register in ServiceNow.
* Prepare artifacts and coordinate walkthroughs and interviews for internal and external audits, drive gap remediation with owners, and help prevent recurrence.
* Contribute to policy creation, review, and revision sessions that outline operational compliance and practicality.
* Support the creation, assignment, and completion tracking of role-based training and security awareness activities, including phishing campaigns.
* Develop and maintain reporting workflows to track compliance status, risk metrics, and remediation progress, and contribute to structured leadership reporting on compliance posture.
* Continuously identify opportunities to improve efficiency through process enhancements or technology solutions.
* Partner with Security, IT, Infrastructure, PMO, Facilities, and other teams to translate compliance requirements into actionable tasks and embed them into processes and procedures.
* Participate on an occasional basis in onsite and virtual site audits at other Belcan locations to verify compliance is being maintained.

Required Qualifications:
* 3 to 7 years of experience in governance, risk, compliance, information security, or related disciplines.
* Experience with Qualys Vulnerability Management and risk management practices.
* Working knowledge of EBS-GRC (Governance, Risk & Compliance) and ServiceNow ITSM.
* Knowledge of ISO 27001 and information security awareness programs.
* Ability to support compliance activities aligned to NIST SP 800-171 and CMMC Level 2.
* Preferred certifications include Security+, CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CCP, or CMMC Certified Professional.
* Certifications are preferred but not required.
* Ability to maintain audit-ready evidence, support remediation activities, and collaborate effectively across technical and business teams.

Compensation:
We provide a competitive pay and benefits package. This position is offering a salary rate of $80,000 to $100,000 however, Belcan considers several factors when extending an offer, including but not limited to education, experience, geographic location, and discipline. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

Belcan is an equal opportunity employer. Your application and candidacy will not be considered based on race, color, sex, religion, creed, sexual orientation, gender identity, national origin, disability, genetic information, pregnancy, veteran status or any other characteristic protected by federal, state or local laws.