Senior Security Engineer I (GRC), Remote

Primary Duties:

• Working cross-functionally to measure & report on risk, achieve & maintain compliance, manage assessments/audits, and contribute to security GRC strategy & advisory efforts
• Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders
• Leading and enhancing risk management efforts, spearheading qualitative risk assessments & quantitative risk analysis, responsible for third party risk management (TPRM), participate in Customer Trust and involved in mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security risks / issues
• Helping craft and refine security documentation pertinent to our Security Program, such as policies, standards, baselines, and standard operating procedures

Minimum Qualifications:

• Bachelor (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, 6 years security domain experience without degree
• 4+ years combined experience as a GRC specialist in an enterprise environment (preferably cloud) across multiple disciplines
• 3+ years of relevant work experience in risk reporting, developing & collecting metrics, and working on audits/assessments
• 2+ years of experience in performing third party risk management activities

Preferred Knowledge, Skills and/or Abilities:

• Security specific and/or related certifications (e.g. CISSP, CISA, CRISC, CDPSE, CIPP, GIAC, AWS certifications)
• Knowledge of security frameworks, controls, regulations and industry best practices (e.g. NIST, ISO, SOX ITGC, HIPAA, HICP, CCPA/CPRA)
• Experience in participating in and leading security GRC projects for a dynamic organization with demonstrated project management skills and driving accountability for meeting deliverables within established timelines
• Significant familiarity with metrics (e.g. KRI, KPI, OKR) to measure security team service and program effectiveness & consistency
• Experience implementing, refining and managing the utilization of GRC solutions and related technology tools/software
• Knowledge & experience in risk quantification (e.g. FAIR) and associated reporting
• Solid understanding of enterprise security technology, appliances, and tools
• Experience with health-tech systems, like Electronic Health Records, Clinical data, etc.
• Knowledge of security technology and relevant security risks, controls, and vulnerabilities
• Collaborative work style, ability to develop and maintain effective working relationships both
• internal and external to the organization
• Experience facilitating meetings with high level, cross-functional teams
• Exceptional verbal, written and interpersonal communication skills