
Principal GRC Engineer
Posted 5 hours ago

This is a fully remote position, open to applicants in the United Kingdom.
• Provide leadership and support for the Outseer governance, risk management, and compliance program on a global scale, ensuring alignment with relevant regulations, industry standards, and best practices.
• Perform regular risk assessments to identify potential vulnerabilities and implement strategies to mitigate risks throughout the organization.
• Oversee and coordinate third-party security audits, serving as the main point of contact for customer security evaluations.
• Suggest and maintain policies, procedures, and controls to guarantee compliance with applicable regulations, standards, and internal requirements.
• Monitor and evaluate changes in regulatory requirements and industry standards, ensuring timely updates to the compliance program.
• Collaborate with cross-functional teams to integrate risk management and compliance controls into various business processes, applications, and systems.
• Conduct compliance audits, assessments, and gap analyses to pinpoint areas for improvement and implement corrective action plans.
• Manage and coordinate third-party assessments, audits, and certifications, ensuring adherence to contractual obligations.
• Offer guidance and support to stakeholders on risk management, compliance requirements, and governance practices.
• Exhibit an automation-first mindset by leveraging modern AI technologies to enhance governance, risk, and compliance processes.
• Facilitate training programs designed to educate employees on risk awareness, compliance obligations, and best practices.
• Stay informed on emerging trends and changes in the governance, risk, and compliance landscape, proactively recommending enhancements to improve the program's effectiveness.
• Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related discipline, or equivalent work experience.
• Over 8 years of experience in governance, risk management, and compliance roles, particularly focused on information security and technology.
• Familiarity with regulatory frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, GDPR, HIPAA, or PCI DSS.
• Proven experience in implementing governance frameworks, risk assessment methodologies, and compliance programs.
• Understanding of risk assessment techniques, including the identification, analysis, and treatment of risks.
• Demonstrated experience in conducting compliance audits, assessments, and managing remediation initiatives.
• Knowledge of security controls, industry best practices, and risk management frameworks.
• Strong comprehension of business processes, systems, and technologies, along with their associated risks.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all organizational levels.
• Professional certifications such as CISA, CRISC, CISSP, or CISM are highly preferred.
• Health insurance
• Professional development opportunities