Cybersecurity GRC Engineer

About the Role

You will oversee the technical execution of Governance, Risk, and Compliance (GRC) initiatives, working with engineering, IT, and DevOps to embed security into infrastructure, SaaS, and cloud workflows. You will perform technical risk assessments and threat modeling, run offensive security activities, support incident response readiness, automate GRC reporting using APIs and AI, coordinate disaster recovery exercises, and prepare for audits such as SOC 2 and ISO 27001.

Requirements

  • 3+ years of experience in GRC, IT Risk, or Security Operations with at least 2 years hands-on technical experience
  • Working knowledge of cloud security (AWS, GCP, or Azure)
  • Experience with endpoint management tools (Jamf, Intune, CrowdStrike)
  • Proven ability to automate or optimize GRC workflows using tools, APIs, and AI
  • Practical experience designing or testing disaster recovery and business continuity programs
  • Experience with vulnerability management, penetration testing, and red teaming
  • Strong analytical and problem-solving skills and attention to detail
  • Exceptional communication and collaboration skills for technical and non-technical audiences
  • Certifications such as CISA, CISM, CISSP, or Security+ (preferred)
  • Background in regulated environments or financial / digital assets sector (preferred)

Responsibilities

  • Collaborate with R&D and DevOps teams to integrate security into development and deployment processes
  • Perform technical risk assessments, vulnerability trend analysis, and threat modeling
  • Lead security awareness and social-engineering simulations and correlate results with technical findings
  • Initiate and coordinate offensive security activities including penetration testing and red teaming
  • Support incident response readiness and integrate lessons learned into policies and controls
  • Leverage AI and automation to generate GRC reporting and maintain intelligent dashboards
  • Partner with Security Engineering and IT to ensure endpoint hardening, patch management, and configuration compliance
  • Coordinate disaster recovery exercises and tabletop simulations and track remediation
  • Prepare for and support internal and external audits including SOC 2, ISO 27001, and NYDFS

Cybersecurity GRC Engineer at Fireblocks | JobStash