Cybersecurity GRC Engineer

Who is Swire Coca-Cola? We are a family-owned bottling company with a story spanning over two centuries. We are one of the largest bottlers of Coca-Cola in North America and distribute more than 50 beverage brands and flavors creating joy for our customers every day. Our 8,000 driven employees work hard as part of a team that delivers refreshment to over 30 million consumers across 13 states. Begin a journey with us at Swire Coca-Cola and belong to a community of dedicated team members who think big and believe in winning together.

Job Details:

Job Level: 5

Why you’ll love working at Swire Coca-Cola:

Swire Coca-Cola is committed to providing balance to support you in all aspects of your life, both at work and beyond. We offer the benefits you need for physical, financial, and emotional well-being.

• Health coverage (3 medical options, dental and vision). 401(k) Retirement Plan w/company match
• Health Savings Accounts w/company match
• FREE virtual primary care, acute care and physical therapy
• FREE Employee Assistance Program
• Company paid (vacation, holidays, sick time, bereavement, jury duty, maternity/parental, disability leave and volunteer time)
• Discounted & free product
• Tuition reimbursement
• Opportunities for career advancement
  
  

In addition to health benefits, Swire Coca-Cola is proud to offer you opportunities where you help give back directly to the communities and causes you care about. Note: Enrollment in a Swire Medical Plan is required for some benefits.

What does a Cybersecurity GRC Engineer do at Swire Coca - Cola?

Swire Coca-Cola is seeking a Cybersecurity GRC Engineer to support the execution and continuous improvement of our governance, risk, and compliance (GRC) program. This role works under the direction of the GRC Manager and is responsible for performing day-to-day risk, compliance, and audit activities that ensure our cybersecurity program remains aligned with regulatory, contractual, and business requirements. The GRC Engineer plays a critical role in operationalizing cybersecurity governance by conducting risk assessments, supporting audits, maintaining control frameworks, and partnering across IT and business teams to track and remediate findings. This role requires a detail-oriented and analytical individual who can translate technical controls and risks into clear documentation and actionable insights.

Responsibilities

• Perform cybersecurity risk assessments for systems, applications, and business processes
• Support third-party/vendor risk assessments and due diligence reviews
• Identify control gaps, document risks, and assist in developing remediation plans
• Maintain and update the enterprise risk register, including risk scoring and tracking
• Partner with control owners to validate mitigation efforts and risk status
• Support internal and external audits by coordinating evidence collection and responses
• Track audit findings, remediation activities, and validate closure
• Assist with security questionnaires, RFP responses, and due diligence requests
• Help ensure compliance with regulatory and contractual requirements
• Maintain and update cybersecurity policies, standards, and procedures
• Support mapping of controls to frameworks such as NIST CSF, ISO 27001, and CIS
• Assist in the development and maintenance of a unified control framework
• Support control testing activities and documentation of effectiveness
• Develop and maintain GRC metrics, dashboards, and reporting artifacts
• Track key risk indicators (KRIs), audit trends, and remediation progress
• Prepare reports and summaries for leadership and stakeholders
• Maintain organized documentation and evidence repositories
• Partner with cross-functional teams to drive risk awareness and remediation efforts
• Support process improvements to enhance GRC efficiency and scalability
• Assist in implementing and optimizing GRC tools and automation
• Stay current on cybersecurity risks and compliance requirements
• Performs other duties as assigned.
  
  

Requirements

• Bachelor’s Degree in Cybersecurity, Information Technology, Risk Management, or related field required
• Relevant certifications such as Security , CISA, CRISC, or similar preferred
• 3 years of experience in cybersecurity, risk, compliance, or audit roles required
• Experience supporting audits, risk assessments, and compliance activities required
• Experience collaborating across IT and business teams required
• Working knowledge of NIST CSF, ISO 27001, and CIS frameworks
• Strong analytical, documentation, and organizational skills
• Ability to communicate technical concepts to non-technical stakeholders
• Familiarity with GRC tools such as ServiceNow GRC, Archer, Drata, Vanta, or similar preferred
  
  

Come and join our Sparkling team!

Due to the nature of our work and to help maintain a safe workplace for our employees and customers, after a candidate receives a conditional offer of employment, they will be required to complete pre-employment screening. This includes a criminal background check, drug screening, and for certain roles, a motor vehicle record review.

Screening results are evaluated based on several factors, including the nature and severity of an offense, how much time has passed, the relevance to the position, patterns of repeated offenses, and driving history for roles that require operating a vehicle.

All results are reviewed fairly and in accordance with applicable state and federal laws, including the Fair Credit Reporting Act.

Swire Coca-Cola is an equal employment opportunity and affirmative action employer that participates in the E-Verify program as required by law. All qualified applicants will receive consideration for employment without regard race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status or other legally protected characteristics. Swire Coca-Cola does not sponsor applicants for work visas.