Were looking for a highly skilled Cybersecurity Governance, Risk, and Compliance Engineer with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology – ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.
Requirements:
+3 years of experience in GRC, IT Risk, or Security Operations, with at least 2 years hands-on in technical environments (e.g., system administration, cloud security, endpoint management, vulnerability management).
Strong working knowledge of cloud security (AWS, GCP, or Azure) and endpoint management (Jamf, Intune, CrowdStrike).
Proven ability to automate or optimize GRC workflows using tools, APIs, and AI.
Practical experience designing or testing Disaster Recovery and Business Continuity programs.
Strong analytical and problem-solving skills; able to translate complex technical risks into actionable business terms.
Visionary and innovation-driven, capable of implementing security and compliance programs in complex, fast-paced organizations.
Exceptional communication, collaboration, and interpersonal skills, with the ability to engage both technical and non-technical audiences.
Strong analytical, problem-solving skills and attention to detail, with the ability to manage multiple projects simultaneously and meet tight deadlines.
Preferred Qualifications:
Certifications such as CISA, CISM, CISSP, or Security+.
Background in the financial / digital assets sector or regulated environments.
Strong technological understanding and familiarity with product development practices.
+3 years of experience in GRC, IT Risk, or Security Operations, with at least 2 years hands-on in technical environments (e.g., system administration, cloud security, endpoint management, vulnerability management).
Strong working knowledge of cloud security (AWS, GCP, or Azure) and endpoint management (Jamf, Intune, CrowdStrike).
Proven ability to automate or optimize GRC workflows using tools, APIs, and AI.
Practical experience designing or testing Disaster Recovery and Business Continuity programs.
Strong analytical and problem-solving skills; able to translate complex technical risks into actionable business terms.
Visionary and innovation-driven, capable of implementing security and compliance programs in complex, fast-paced organizations.
Exceptional communication, collaboration, and interpersonal skills, with the ability to engage both technical and non-technical audiences.
Strong analytical, problem-solving skills and attention to detail, with the ability to manage multiple projects simultaneously and meet tight deadlines.
Preferred Qualifications:
Certifications such as CISA, CISM, CISSP, or Security+.
Background in the financial / digital assets sector or regulated environments.
Strong technological understanding and familiarity with product development practices.
This position is open to all candidates.
