Experience: 10+ Years
A Governance, Risk, and Compliance (GRC) Engineer bridges the gap between high-level legal requirements and technical implementation. Unlike a traditional GRC Analyst, who may focus more on documentation and manual audits, the Engineer focuses on automation, integrations, and systematizing compliance within the tech stack (e.g., CI/CD pipelines and cloud infrastructure).
Core Responsibilities
- Automation of Controls: Building and maintaining automated systems to collect evidence for audits (e.g., SOC 2, ISO 27001) to replace manual spreadsheets.
- Risk Engineering: Conducting technical risk assessments on cloud architecture, AI models, and software delivery pipelines.
- Policy-as-Code: Translating static security policies into technical configurations and automated guardrails.
- Vendor & Third-Party Risk: Developing technical workflows to assess the security posture of SaaS providers and supply chain partners.
- Continuous Monitoring: Implementing dashboards and telemetry to track compliance health in real time rather than once a quarter.
- Audit Orchestration: Acting as the technical liaison for internal and external auditors, providing system-generated artifacts.
Key Skills & Requirements
- AWS, Azure, or Google Cloud Platform
- Python, Bash, or Go
- Terraform, Kubernetes, Jira
- ISO 27001, NIST CSF / 800-53, SOC 2 Type II, GDPR / CCPA / HIPAA
- IT Audit or DevOps
- Certifications: CISA, CRISC, CISSP, or AWS Certified Security.