Senior Cybersecurity GRC

We’re hiring a Security GRC Engineer to help us build governance, risk, and compliance in a way that actually works in a modern tech organization: pragmatic, automation-friendly, and aligned with agile delivery.
This is not a “paperwork” job. You’ll partner closely with engineering, product, workplace, auditors and security to turn risk management and compliance into clear, usable guardrails and you’ll challenge processes that create friction without improving security.

What you’ll do

• Risk management that drives decisions
Run lightweight, continuous risk assessment and threat modelings with teams (not once-a-year rituals).
Translate risk into clear options: impact, likelihood, tradeoffs, and recommended actions.
Track remediation plans and provide visibility through simple reporting.
• Build practical governance
Maintain and improve security policies/standards so they’re short, actionable, and adopted.
Create control objectives that fit real engineering workflows (CI/CD, cloud, SaaS, identity).
• Compliance, without the theater
Support audits and evidence collection with a focus on efficiency and reusability.
Help align our program with recognized frameworks (e.g., NIST ) in a pragmatic way.
Develop “compliance-as-code” habits where possible (automated checks, continuous evidence).
• Third-party risk (vendors, partners)
Drive assessments, follow-ups, and risk treatment with procurement and stakeholders.
Push for scalable vendor processes (tiering, standard questionnaires, measurable requirements).
• Security enablement
Create playbooks, templates, and self-service material that teams can use without heavy guidance.
Coach teams to understand risk and make better security choices early in delivery.