GRC Engineer

Ouro, Austin, TX

About The Position

We are looking for a highly technical Governance, Risk, and Compliance (GRC) Engineer to strengthen our GRC function. This individual contributor role bridges traditional GRC responsibilities with hands-on technical expertise, ensuring that risk assessments, architecture reviews, and control validations are grounded in real-world engineering practices. The ideal candidate has significant experience in cloud and application architectures, strong knowledge of security controls and frameworks, and the ability to translate business requirements into actionable risk mitigation strategies. This role partners closely with Product Engineering, Cloud/Infrastructure, Security Engineering, and Audit/Compliance teams.

Requirements

  • 5+ years of experience in GRC, security engineering, architecture review, or related technical security roles.
  • Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls.
  • Hands-on experience reviewing architecture diagrams, data flows, and engineering design patterns.
  • Deep familiarity with security frameworks: NIST CSF, ISO 27001/27002/27017/27018/42001, PCI-DSS, CIS, SOC 2 Trust Principles, and MITRE ATLAS/ATT&CK.
  • Proven ability to conduct comprehensive technical risk assessments.
  • Experience with AI/ML architecture and governance for MCP, RAG, and agentic workflows.
  • Experience with API integration and orchestration.
  • Coding and scripting capabilities in Python, SQL, Go, and PowerShell.
  • Understanding of CI/CD pipelines, container orchestration (Kubernetes), IAM, network security, and logging pipelines.
  • Excellent communication skills and ability to translate complex technical risks to business stakeholders.

Nice To Haves

  • Certifications such as CISM, CRISC, CISSP, CCSP, AWS Security Specialty, or similar.
  • Experience with threat modeling methodologies.
  • Familiarity with security-as-code and risk automation tooling.
  • Previous work in a high-scale fintech, SaaS, or regulated environment.

Responsibilities

  • Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems.
  • Assess control effectiveness against frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies.
  • Develop and maintain detailed risk registers and mitigation plans.
  • Validate logging coverage, access controls, encryption configurations, and identity/security controls across cloud and infrastructure environments.
  • Contribute to the development and maintenance of security policies, technical standards, and architecture principles.
  • Translate compliance requirements into technical control specifications.
  • Support engineering teams in interpreting and implementing controls correctly.
  • Collaborate with internal audit and external auditors to provide evidence and narrative explanations for control effectiveness.
  • Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles.
  • Improve risk assessment methodologies and tooling, including automation where possible.
  • Provide GRC insights into threat modeling, vendor security reviews, and third-party due diligence.
  • Support continuous improvement initiatives across governance, compliance, and risk processes.
  • Review product, application, and cloud infrastructure architectures for security control gaps, misconfigurations, and design risks.
  • Evaluate engineering design documents, data flow diagrams, and deployment patterns to ensure alignment with security best practices (e.g., zero trust, least privilege, secure SDLC).
  • Provide actionable recommendations to engineering teams to address identified risks.
  • Participate in security design reviews for new and evolving technologies.
© 2024 Teal Labs, Inc