
Cybersecurity Staff Engineer
Posted Jul 7

Posted Jul 7
This is a fully remote position, open to applicants in New Jersey.
• Consolidate risk posture, control deficiencies, and issue status across all cybersecurity domains into unified dashboards and executive-level reporting frameworks.
• Act as the primary source of GRC intelligence — transforming disparate signals into a clear organizational risk overview.
• Develop and uphold consistent metrics and KPIs that accurately represent compliance health across all domains.
• Manage the entire issue lifecycle — from identification to remediation — ensuring findings progress without being hindered by handoff gaps.
• Create accountability frameworks among tower leaders and partner teams to maintain risk closure without needing direct authority.
• Ensure non-IT departments adhere to documented procedures and assist them in addressing audit discrepancies.
• Raise systemic issues and trend patterns to senior leadership along with actionable recommendations.
• Oversee all facets of ISO 27001 certification maintenance, including evidence gathering, control mapping, audit readiness, and ongoing improvement.
• Cultivate relationships with external auditors and certification bodies.
• Guarantee that the program is audit-ready throughout the year, not just during certification periods.
• Contribute to our SOC 2 Type II program and lead compliance posture concerning relevant trust service criteria.
• Collaborate with engineering, IT, and operations teams to ensure controls are implemented, documented, and sustainable.
• Conduct and document Level 1 cyber risk assessments using established frameworks such as NIST CSF and ISO 27001.
• Maintain the enterprise cyber risk register, ensuring risks are accurately rated, assigned, and tracked towards resolution.
• Identify emerging risks associated with our industry — fan data systems, broadcast infrastructure, global event operations — providing appropriate context for decision-makers.
• Partner with tower leads, IT, Legal, Privacy, and Procurement to align on risk priorities and facilitate coordinated remediation efforts.
• Communicate policy and regulatory requirements in a manner that resonates with both technical practitioners and executive stakeholders.
• Function as a trusted advisor throughout the organization — influencing outcomes without relying on organizational hierarchy.
• Identify opportunities to automate compliance efforts through scalable GRC platforms and integrations, replacing manual processes.
• Propel the adoption and optimization of tools such as Drata, ServiceNow GRC, OneTrust, or similar platforms.
• Stay informed about the tooling landscape and provide recommendations that enhance program efficiency and coverage.
• Maintain a working knowledge of regulations relevant to our global operations — including GDPR, CCPA, and evolving international data residency requirements.
• Support third-party and vendor risk assessment processes in coordination with Legal and Procurement, ensuring vendor relationships comply with our standards.
• Over 7 years of progressive experience in Cybersecurity GRC, Risk Management, or Compliance, with exposure to both program ownership and cross-functional collaboration.
• Proven ability to manage multiple security domains concurrently without sacrificing precision or accountability.
• Practical experience leading ISO 27001 certification programs and SOC 2 Type II compliance — you've managed audit cycles, not merely supported them.
• Familiarity with one or more GRC platforms (Drata, ServiceNow, OneTrust, or similar).
• CISSP, CISM, or CRISC certification is preferred.
• Experience in sports, entertainment, media, or other high-profile consumer-facing sectors is an advantage.
• Medical
• Dental
• Vision
• Life/AD&D insurance
• Short- and long-term disability
• Fertility and family-forming assistance
• Wellbeing allowance
• Educational assistance
• Mental health coaching/therapy
• Tax-advantaged accounts such as HSA and healthcare/dependent care FSAs
• A 401(k) retirement plan
• Time off benefits that include vacation, sick time, and personal days
Baringa
Inetum
AddSales
IonQ
Get handpicked remote jobs straight to your inbox weekly.