
Lead Cybersecurity GRC Engineer

United States, New York · 225000.00 USD / Year · Job Posted March 21, 2026

Job Description

Lead Cybersecurity GRC Engineer role focusing on risk remediation and governance aligned with enterprise requirements.

Job Responsibility

  • Lead and oversee cybersecurity risk remediation and governance initiatives aligned with enterprise risk and compliance requirements
  • Interpret security policies, standards, and regulatory requirements, and apply them effectively to enterprise assets and environments
  • Identify control gaps, non-compliance issues, and deviations, and drive remediation efforts to closure
  • Perform and guide security control testing, including: Test of Design (ToD), Test of Effectiveness (ToE)
  • Provide remediation guidance across key cybersecurity domains, including but not limited to: Secure architecture and security design, Security testing and validation, Secure coding and code compliance, Business Continuity Planning (BCP) and Disaster Recovery (DR), Third-Party Risk Management (TPRM)
  • Partner with technical, risk, and business stakeholders to gather and validate evidence supporting remediation and compliance activities
  • Prepare and maintain high-quality documentation such as: Policies, procedures, and SOPs, Remediation plans and guidance documents, Risk and compliance reports
  • Present findings, recommendations, and remediation strategies to senior stakeholders and decision-makers
  • Influence outcomes through clear, tactful, and data-driven communication
  • Support compliance and audit activities
  • Prior audit engagement experience is highly desirable

Requirements

  • CISSP certification strongly preferred (or equivalent demonstrated experience)
  • Additional certifications such as CISA, CISM are a plus
  • Experience with GRC platforms such as: ServiceNow IRM / GRC, Archer, 6clicks, Other comparable GRC tools
  • Prior exposure to regulated financial services environments (Banking / Insurance)
  • Minimum 8 years of experience in Cybersecurity and GRC, spanning multiple security domains (CISSP domains may be used as a reference framework)
  • Strong hands-on experience in risk remediation, particularly across security design, testing, compliance, BCP/DR, and third-party risk
  • Proven ability to translate policy and regulatory requirements into actionable remediation steps
  • Demonstrated experience in control testing (ToD and ToE)
  • Excellent verbal and written communication skills, with experience engaging senior leaders within banking or insurance organizations
  • Strong analytical and documentation skills with a track record of producing professional, client-ready deliverables
  • Experience advising on remediation strategies and risk treatment options

Similar Jobs for Lead Cybersecurity GRC Engineer (8 matching positions)

Cybersecurity GRC - US Federal

Workday’s National Security Group (NSG) is responsible for all aspects of cy...
Location: United States, Reston
Salary: 117400.00 - 176200.00 USD / Year
Company: Workday
Expiration Date: Until further notice

Requirements
  • 5+ years of experience in an equivalent governance, risk & compliance and/or related engineering role
  • 3+ years direct experience with the FedRAMP and RMF assessment and authorization processes
  • This position requires a TS/SCI with CI POLY security clearance. Applicants must already possess a valid and active TS/SCI with CI POLY security clearance.
  • A solid understanding of the FedRAMP Framework and DoD Impact levels IL4, IL5 and IL6
  • Bachelor's degree or equivalent experience
  • Experience prioritizing technical changes to a FedRAMP system and apply controls to ensure audit readiness and acceptability
  • Experience leading system design with engineering to provide technical guidance documentation
  • Experience designing federal SaaS cloud computing systems including source control management, logging & monitoring systems, FIPS encryption methods, access controls and vulnerability management
  • Strong communications skills (written and verbal) and attention to detail
  • Proven program/project management experience (especially audit management)
Job Responsibility
  • Leading the design, implementation and assessment of Workday's US National Security offerings
  • Ensuring continued compliance across public sector frameworks
  • Assisting in prioritizing future system changes
  • Managing the audit lifecycle for the various DoD and IC programs
  • Leading security and compliance related interactions with Workday's National Security customers
  • Advising internal business partners on risk and compliance requirements related to the product development lifecycle and other strategic organizational initiatives
What we offer
  • Bonus Plan or role-specific commission/bonus
  • Annual refresh stock grants
  • Comprehensive benefits
  • Fulltime

Global GRC Lead

Monte Carlo is seeking our first Global GRC Manager to lead our compliance effor...
Salary: 160000.00 - 210000.00 USD / Year
Company: Monte Carlo Data
Expiration Date: Until further notice

Requirements
  • Deep GRC Expertise: extensive knowledge of common frameworks (SOC 2, ISO 27001, NIST, GDPR, etc.) and experience managing end-to-end audit processes
  • Strong Communication Skills: translate security jargon into business language and effectively manage customer and vendor communications
  • Risk Management Mindset: balance business objectives with security requirements, prioritizing risk mitigation in a way that aligns with company goals
  • Team Player: thrive in cross-functional environments, effectively collaborating with engineering, legal, product, and other teams
  • Adaptability: flourish in a fast-paced environment, pivoting quickly when new threats, requirements, or business needs emerge
  • 5+ years of experience in a GRC or compliance-focused role, ideally in a SaaS or technology company
  • Proven track record of managing third-party risk assessments, vendor security reviews, and compliance audits
  • Expertise in compliance frameworks such as SOC 1/2, ISO 27001| 27017 | 27018 | 27701 | 42001, and GDPR
  • Relevant certifications (e.g., CISA, CISSP, CRISC, or CISM) are highly desirable
  • Excellent written and verbal communication skills with a strong attention to detail
Job Responsibility
  • Manage and respond to customer security reviews, questionnaires, and audits
  • Serve as the primary liaison for security-related inquiries from prospects, customers, and partners
  • Oversee ongoing compliance initiatives (SOC 2, ISO 27001, 27017, 27018, GDPR etc.) and maintain the risk register
  • Collaborate with cross-functional teams (Engineering, Sales, Product, HR) on risk management strategies
  • Evaluate third-party vendors, manage due diligence processes, and coordinate remediation actions
  • Develop, refine, and maintain security and compliance policies, procedures, and standards
  • Support and promote security awareness initiatives, including employee training and phishing simulations
  • Lead and coordinate internal and external audits, ensuring continuous improvement in controls
What we offer
  • Stock Options
  • Healthcare plans
  • 401k Retirement Plan
  • Wellness Stipend
  • Home Office Stipend
  • Cell Phone or WIFI reimbursement
  • Paid Parental Leave
  • Flexible Time Off
  • Generous Travel Policy
  • Offers Equity
  • Fulltime

GRC Lead

We are looking for a GRC Lead to serve as the Technical Lead for our compliance ...
Location: United States, Foster City
Salary: 208000.00 - 300000.00 USD / Year
Company: Replit
Expiration Date: Until further notice

Requirements
  • 8+ years of experience in GRC or Information Security
  • Leadership Experience: Proven experience mentoring other GRC professionals or leading complex cross-functional projects
  • Technical Fluency: Ability to speak the language of engineering, cloud (GCP/AWS), and security architecture
  • Regulatory Breadth: Deep experience with SOC 2, ISO 27001, PCI, HIPAA, and Privacy laws
  • Collaborative Communication: Strong ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders
  • Automation Mindset: Experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil
Job Responsibility
  • Team Leadership: Act as the technical anchor for the GRC team
  • Program Architecture: Own the technical vision for Replit’s GRC program
  • Thought Leadership: Champion a culture of security and privacy across the company
  • Engineering & Architecture: Partner with Architects and Engineering Leads to 'bake in' compliance requirements
  • Legal & Privacy: Work closely with Legal Counsel to interpret and implement requirements for Privacy and AI regulations
  • Sales & GTM: Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires
  • Auditor Relationships: Own and cultivate the primary relationship with external auditors
  • Risk Register Owner: Own the Cybersecurity Risk Register
  • Framework Evolution: Manage and evolve our compliance posture across SOC 2, ISO 27001, and prepare for future certifications
  • Pragmatic Governance: Apply judgment to operate in 'gray areas' when appropriate
What we offer
  • Competitive Salary & Equity
  • 401(k) Program with a 4% match
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Commuter Benefits
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement
  • Flexible Time Off (FTO) + Holidays
  • Fulltime

AI Project / Product Manager - Security / GRC

We have a 6 - 12 month+ contract position for an AI Project / Product Manager wi...
Location: United States, St Louis
Salary: Not provided
Company: Zeektek
Expiration Date: Until further notice

Requirements
  • AI and IT Integrations Experience
  • Technical fluency to engage with AI / DSPM conversations
  • Business analyst / project manager mindset
  • Ability to understand and translate strategy
  • Partner with leaders, vendor, engineering, security, and GRC
  • Drive clarity, alignment, prioritization, and delivery
  • Produce BA/PM artifacts (requirements, roadmaps, dependencies, risks)
  • Work with the vendor
  • Bachelor’s degree in Business, IT, Cybersecurity, Data Analytics, or related field (or equivalent experience)
  • Exposure to AI, machine learning, or LLM-enabled solutions in an enterprise environment (required)
Job Responsibility
  • Lead end-to-end planning, execution, and delivery of AI Intelligence Layer initiatives supporting DSPM and data protection objectives
  • Translate strategic data protection and AI objectives into clear roadmaps, priorities, and delivery plans
  • Drive cross-functional alignment across business, security, engineering, GRC, and vendor teams
  • Partner with vendors throughout the lifecycle
  • Produce and maintain key program artifacts
  • Support requirements gathering and refinement
  • Facilitate prioritization and decision-making
  • Ensure solutions meet enterprise governance, risk, and compliance standards
  • Provide ongoing program oversight
  • Act as the primary coordinator across SDLC, security governance, and deployment processes
What we offer
  • Weekly Direct Deposit
  • 401K Matching
  • Competitive medical, dental and vision insurance
  • Consistent communication throughout your project
  • ZeekTek Referral Program
  • Fulltime

Sales Account Manager

Manage and grow a portfolio of key accounts, serving as the primary point of con...
Location: Saudi Arabia, Riyadh
Salary: Not provided
Company: Giza Systems
Expiration Date: Until further notice

Requirements
  • Strong communication, interpersonal, and negotiation skills
  • Excellent organizational and time management abilities
  • Strong relationship-building and teamwork skills
  • Good analytical and problem-solving capabilities
  • Strategic thinking and decision-making skills
  • Customer-focused mindset with a strong service orientation
  • Self-motivated and able to perform effectively under pressure
  • Proficient in Microsoft Office applications with strong administrative skills
  • Fluent in English, both written and spoken
  • Strong stakeholder management, communication, and influencing skills
Job Responsibility
  • Manage and grow a portfolio of key accounts, serving as the primary point of contact for assigned clients
  • Develop and maintain strong, long-term relationships with clients to ensure high levels of engagement, trust, and customer retention
  • Gain a deep understanding of clients’ business objectives, operational challenges, and industry trends to proactively identify opportunities for value creation
  • Conduct regular business reviews and client meetings to assess needs, address concerns, and strengthen partnerships
  • Identify, develop, and capitalize on new business opportunities within existing and prospective accounts
  • Collaborate with clients to understand evolving business requirements and propose tailored solutions that align with their strategic goals
  • Drive the achievement of sales, profitability, and cash flow targets through effective account planning and opportunity management
  • Analyze market trends, customer insights, and competitor activities to support business growth initiatives and market expansion
  • Develop and execute strategic account plans to achieve or exceed sales objectives and business targets
  • Monitor, forecast, and report on key account metrics, sales pipelines, and revenue performance
  • Fulltime

Head of Global Assurance

Scale seeks a Head of Global Assurance to lead a high-performing team of technic...
Location: United States, Washington
Salary: 287200.00 - 359000.00 USD / Year
Company: Scale
Expiration Date: Until further notice

Requirements
  • 10+ years of experience in cybersecurity compliance, GRC, public and commercial sector assurance, IT audit, cloud security, or related roles
  • Active U.S. security clearance, SCI eligible
  • Experience leading global or region-specific assurance programs through scalable control frameworks and cross-functional execution
  • Experience managing senior technical assurance, cybersecurity compliance, GRC, audit, or control evidence professionals
  • Experience managing distributed teams across time zones
  • Deep familiarity with FedRAMP, continuous monitoring, authorization packages, and related NIST frameworks
  • Experience leading customer assurance, control evidence, remediation, reporting, and audit workflows
  • Experience overseeing SOC 2, ISO 27001, and other commercial assurance frameworks
  • Experience with external assessors, authorizing officials, government customers, public sector partners, commercial auditors, or certification bodies
  • Experience working with legal teams on contract-driven assurance obligations, and strong judgment on when to escalate legal, contractual, technical, security, customer-facing, or privileged issues
Job Responsibility
  • Lead assurance programs across Scale’s Global Public Sector and Commercial businesses, including FedRAMP, NIST frameworks, SOC 2, ISO 27001, and other customer, regulatory, and business assurance requirements
  • Manage and develop a technical assurance team responsible for public sector authorizations, commercial assurance, audits, customer commitments, control evidence, remediation, and reporting
  • Set priorities and operating cadences for assurance workflows, including intake, evidence collection, control owner follow-up, remediation tracking, metrics, and deadline management
  • Build the metrics, dashboards, and reporting cadences that give company leadership a clear view of program health, key risks, and strategic priorities
  • Partner with Legal on contract-driven assurance obligations, sensitive escalations, external-facing responses, and customer-facing representation issues
  • Work closely with Global Public Sector, Enterprise, Security, Engineering, Product, and other control owners to validate evidence, track remediation, and support authorization and audit requirements
  • Collaborate across Legal and GRC on a unified controls framework for security and other regulatory requirements
  • Manage relationships with external auditors, assessors, and certification bodies
What we offer
  • Comprehensive health, dental and vision coverage
  • Retirement benefits
  • Learning and development stipend
  • Generous PTO
  • Commuter stipend
  • Fulltime

CSIRT Director

The CSIRT Director is a cybersecurity leader responsible for the complete owners...
Location: Canada, Montreal
Salary: Not provided
Company: SITA
Expiration Date: Until further notice

Requirements
  • 15+ years of progressive experience in cybersecurity, with at least 7+ years in a senior leadership role with direct accountability for security operations.
  • 5+ years of direct experience managing large, geographically distributed Security Operations Centers (SOCs) — including multi-site, multi-shift, 24/7/365 operations.
  • Bachelor's degree in Computer Science, Information Systems, Information Security, or a related discipline, or equivalent professional experience.
  • Active professional certification in at least one of the following: CISSP, CISM, CISA, GIAC GSOM, GIAC GCIH, or equivalent.
  • Proven experience managing global teams across multiple time zones and cultures, with a track record of building cohesive, high-performing distributed teams. With demonstrated ownership of an Incident Response Function and Team.
  • Demonstrated ownership of two or more of the following functions: SOC, CTEM / Vulnerability Management, Cyber Threat Intelligence,
  • Strong command of the MITRE ATT&CK framework, NIST CSF, and incident response methodologies (SANS PICERL, NIST 800-61).
  • Executive-level communication skills — ability to translate complex technical threats into business risk language for CISO, C-suite, and Board audiences.
Job Responsibility
  • Continuous Threat Exposure Management (CTEM) - Directs the organization's proactive exposure reduction program. This includes attack surface management, vulnerability prioritization, red team / purple team program oversight, penetration testing governance, and the coordination of remediation workflows with IT and engineering stakeholders.
  • Cyber Threat Intelligence (CTI) - Commands the intelligence function responsible for producing finished, operationalized threat intelligence. This includes strategic intelligence briefings to CISO and Board, tactical intelligence feeds into detection platforms, threat actor tracking, sector-specific threat analysis (transportation/aviation/border security), and third-party intelligence partnerships.
  • Incident Response (IR) - Owns the full incident response lifecycle. Accountable for IR planning and playbook governance, crisis management and executive communication during significant incidents, forensic capability oversight, tabletop exercise program, regulatory breach notification coordination, and post-incident reviews (PIRs).
  • Security Operations (SecOps) Collaboration - Direct and optimize resources across global SOC locations (Montreal, Cairo, Singapore), ensuring consistent standards, 24/7/365 coverage through a follow‑the‑sun operating model, and resilient business continuity with defined failover capabilities. Drive collaboration and intelligence sharing across sites while managing MSSP and third‑party partners to ensure performance, accountability, and unified global operations.
  • Strategic Leadership & Governance - Define and lead a multi‑year global CSIRT strategy, serving as the single point of accountability for threat exposure, intelligence, and incident response while aligning capabilities to business risk and industry frameworks. Own executive reporting, budget planning, and the establishment of clear SLAs and KPIs to ensure a mature, scalable, and effective cybersecurity operations program.
  • People Leadership & Talent Development - Lead, develop, and retain a high‑performing global cybersecurity operations team across CTEM, CTI, and Incident Response, fostering an inclusive, high‑accountability culture that enables collaboration across regions and time zones. Establish clear career pathways, performance management, and succession planning while overseeing staffing models, shift coverage, and on‑call operations across all SOC locations.
  • Executive & Stakeholder Engagement - Act as the primary liaison to the CISO, delivering executive‑ and board‑level insights on security operations, threat posture, and incident response effectiveness. Partner cross‑functionally with architecture, engineering, GRC, legal, and IT teams, and represent CSIRT in audits, regulatory reviews, and customer security engagements.
What we offer
  • Work from home up to 2 days/week (depending on your team’s needs)
  • Flex Day: Make your workday suit your life and plans.
  • Flex Location: Take up to 30 days a year to work from any location in the world.
  • Employee Wellbeing: Employee Assistance Program (EAP) for you and your dependents 24/7, 365 days/year
  • Champion Health platform.
  • Professional Development: Access to world-class learning platforms including LinkedIn Learning, Microsoft's Enterprise Skills Initiative, Airport Council International, Pluralsight, Harvard Business Publishing, Stanford and many others.
  • Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.
  • Fulltime

Senior IT Security Compliance Engineer

The Senior IT Security Compliance Engineer is responsible for developing, mainta...
Location: Egypt, Cairo
Salary: Not provided
Company: Arrow Electronics
Expiration Date: Until further notice

Requirements
  • Strong knowledge of information security principles, risk management, and compliance frameworks, with a solid understanding of ISO 27001 requirements and controls
  • Hands-on experience supporting audits and compliance programs for frameworks such as ISO 27001, SOC 2, CMMC, NIST, or similar
  • GRC-related certification (e.g., CISSP, CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor) is preferred
  • Experience working in SaaS or technology-driven environments is highly desirable
  • Familiarity with cloud computing platforms and cloud security principles
  • Excellent written and verbal communication skills, with proven ability to produce clear, high-quality security documentation and reports
  • Minimum of 5 years of professional experience in cybersecurity, information security, or compliance-related roles
  • Bachelor’s degree in Computer Engineering, Computer Science, Information Security, or a related field
Job Responsibility
  • Develop, review, and maintain IT security policies, standards, procedures, and guidelines in alignment with industry best practices and regulatory requirements
  • Lead and coordinate compliance initiatives for security frameworks and standards, including but not limited to ISO 27001, SOC 2, CMMC, NIST, and internal security assessments
  • Manage audit readiness activities, including documentation preparation, evidence collection, stakeholder coordination, and remediation tracking for internal and external audits
  • Respond to customer and partner security questionnaires, ensuring accurate, consistent, and timely responses
  • Conduct periodic security and risk assessments to evaluate the effectiveness of security controls and identify improvement opportunities
  • Track, manage, and follow up on vulnerability remediation efforts in collaboration with IT, engineering, and operations teams
  • Prepare and deliver security metrics, compliance reports, and executive-level summaries
  • Provide security awareness, training, and education to employees to promote a strong security culture across the organization
  • Support continuous improvement of governance, risk, and compliance (GRC) processes and tooling
  • Fulltime