Principal GRC Engineer

This is a fully remote position, open to applicants in United Kingdom.

📋 Description

• Oversee and guide Outseer’s governance, risk management, and compliance initiatives on a global scale, ensuring alignment with relevant regulations, industry standards, and best practices.

• Perform regular risk evaluations, identify potential weaknesses, and implement strategies to mitigate risks throughout the organization.

• Lead and coordinate third-party security audits, serving as the primary liaison for customer security assessments.

• Suggest and uphold policies, procedures, and controls to guarantee adherence to applicable regulations, standards, and internal requirements.

• Monitor and evaluate changes in regulatory requirements and industry standards, ensuring timely updates to the compliance program.

• Work collaboratively with cross-functional teams to embed risk management and compliance controls into business processes, applications, and systems.

• Execute compliance audits, assessments, and gap analyses to discover areas for enhancement and implement corrective action plans.

• Coordinate and oversee third-party assessments, audits, and certifications, ensuring compliance with contractual responsibilities.

• Offer guidance and support to stakeholders regarding risk management, compliance necessities, and governance practices.

• Exhibit an automation-first approach, utilizing modern AI technologies to improve GRC processes.

• Provide training programs to inform employees about risk awareness, compliance obligations, and best practices.

• Remain informed about emerging trends and modifications in the governance, risk, and compliance domain, and proactively suggest enhancements to strengthen the program's effectiveness.

⛳️ Requirements

• Bachelor’s degree in computer science, Information Security, Risk Management, or a related field - or equivalent professional experience.

• Over 8 years of experience in governance, risk management, and compliance roles, particularly focused on information security and technology.

• Familiarity with regulatory frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, GDPR, HIPAA, or PCI DSS.

• Experience in implementing governance frameworks, risk assessment methodologies, and compliance programs.

• Knowledge of risk assessment techniques, including the identification, analysis, and treatment of risks.

• Proven experience in conducting compliance audits, assessments, and managing remediation activities.

• Understanding of security controls, industry best practices, and risk management frameworks.

• Strong grasp of business processes, systems, and technologies, along with their associated risks.

• Excellent communication and interpersonal abilities, with the capacity to collaborate effectively with stakeholders at all organizational levels.

• Professional certifications such as CISA, CRISC, CISSP, or CISM are highly advantageous.

🏝️ Benefits

• Health insurance

• Professional development opportunities