GRC Engineer

The Information Security GRC Engineer IV is pivotal in security landscape, serving as a significant contributor. This position is instrumental in molding the security stance, with a primary focus on supervising the creation and implementation of information security policies and technical standards. Additionally, it ensures strict compliance with established security prerequisites. Seeking a candidate with both the technical expertise and strategic insight in information security gained from working in complex technical environments.

This company is located in Reston, VA and will be a hybrid model.

What You Will Be Doing:

• Craft and uphold information security policies, technical standards, and security guidelines.
• Assess adherence to security controls and requirements.
• Offer guidance to technical teams on implementing security controls effectively.
• Assist in both internal and external security evaluations.
• Create strategies to mitigate risks effectively.
• Communicate remaining risks to senior management clearly and prepare executive-level reports.
• Consistently assess current GRC processes to streamline operations, pinpoint areas for enhancement, and offer actionable suggestions for improvement.

Required Skills & Experience:

• Have in-depth knowledge of cybersecurity and regulatory frameworks, privacy protocols, and industry-standard security practices such as NIST CSF, NIST SP 800-53, CIS Controls, SOC 2, GDPR, among others.
• Demonstrate expertise in formulating and overseeing enterprise-level information security policies, technical standards, and security guidelines.
• Possess extensive expertise in conducting security assessments, audits, and managing risks effectively.
• Proficient in comprehending security controls and interpreting their essence, with the ability to implement them within intricate enterprise IT environments.
• Hold a Bachelor's degree in Computer Science, an equivalent technical field, or possess commensurate work experience.
• Have over 8 years of comprehensive experience in the field of information security.

Desired Skills & Experience:

• Knowledgeable in cybersecurity threats and risks.
• Knowledgeable in continuous monitoring.
• Industry-recognized certifications, such as CISSP, CGRC, CAP, CISM, CRISC, or CISA are highly desirable.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn't provide sponsorship.