Information Security GRC Engineer

Overview

On Site
128k - 174k
Full Time

Skills

NIST SP 800 Series
Information security
Security controls
Computer science
Continuous monitoring
SAP GRC
Pivotal
FOCUS
Supervision
Policies
Regulatory Compliance
Management
Operations
Cyber security
Privacy
National Institute of Standards and Technology
CSF
System on a chip
Auditing
CISSP
CISM
ISACA
CISA
SAP BASIS

Job Details

GRC Engineer

The Information Security GRC Engineer IV is pivotal in the security landscape, serving as a significant contributor. This position is instrumental in shaping the security posture, with a primary focus on supervising the creation and implementation of information security policies and technical standards. Additionally, it ensures strict compliance with established security requirements. We are seeking a candidate with both the technical expertise and strategic insight in information security gained from working in complex technical environments.

This company is located in Reston, VA, and the role will follow a hybrid model.

What You Will Be Doing:
  • Craft and uphold information security policies, technical standards, and security guidelines.
  • Assess adherence to security controls and requirements.
  • Offer guidance to technical teams on implementing security controls effectively.
  • Assist in both internal and external security evaluations.
  • Create strategies to mitigate risks effectively.
  • Communicate remaining risks to senior management clearly and prepare executive-level reports.
  • Consistently assess current GRC processes to streamline operations, pinpoint areas for enhancement, and offer actionable suggestions for improvement.

Required Skills & Experience:
  • Have in-depth knowledge of cybersecurity and regulatory frameworks, privacy protocols, and industry-standard security practices, including NIST CSF, NIST SP 800-53, CIS Controls, SOC 2, and GDPR, among others.
  • Demonstrate expertise in formulating and overseeing enterprise-level information security policies, technical standards, and security guidelines.
  • Possess extensive expertise in conducting security assessments, audits, and managing risks effectively.
  • Be proficient in comprehending security controls and interpreting their essence, with the ability to implement them within intricate enterprise IT environments.
  • Hold a Bachelor's degree in Computer Science, an equivalent technical field, or possess commensurate work experience.
  • Have over 8 years of comprehensive experience in the field of information security.

Desired Skills & Experience:
  • Knowledgeable in cybersecurity threats and risks.
  • Knowledgeable in continuous monitoring.
  • Industry-recognized certifications, such as CISSP, CGRC, CAP, CISM, CRISC, or CISA, are highly desirable.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn't provide sponsorship.

About Motion Recruitment Partners, LLC