Senior GRC Engineer

$130,000/Yr

Spire - Bodega Bay, CA

posted 2 months ago

Full-time - Mid Level
Hybrid - Bodega Bay, CA
Utilities

About the position

The Senior GRC Engineer at Spire will play a pivotal role in ensuring compliance with critical regulations and standards such as EAR, ITAR, ISO 27001, and NIST 800-171. This position involves conducting assessments, managing GRC tools, and collaborating with various teams to develop and implement cybersecurity strategies. The ideal candidate will have a strong technical background and experience in governance, risk, and compliance, particularly in the aerospace or government sectors.

Responsibilities

  • Conduct thorough assessments and audits to ensure continued compliance with EAR/ITAR, ISO 27001, NIST 800-171 and any additional future security frameworks or contractual security requirements.
  • Operate Spire's Information Security Management System by outlining projects, executing workflows, and coordinating tasks with other teams as needed.
  • Design, implement, and manage GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including developing tooling that automates audit and evidence-collection tasks.
  • Develop and implement GRC and cybersecurity strategies and policies in line with regulatory and certification requirements.
  • Provide guidance and training to staff on compliance matters related to export controls and security standards.
  • Collaborate with cross-functional teams to address compliance issues and develop corrective action plans.
  • Work with Spire's Legal department to incorporate new legislative requirements into existing policies and procedures.
  • Monitor applicable cybersecurity regulations for changes and incorporate new requirements into existing policies and procedures.
  • Generate new documentation and maintain existing documentation such as stakeholder analyses, scope statements, risk assessment and treatment procedures, performance monitoring and measurement plans, etc.
  • Conduct risk assessments and develop risk mitigation strategies.
  • Prepare and submit compliance reports to regulatory agencies and internal stakeholders, including NIST System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
  • Participate in external and internal audits including gathering audit evidence both directly and indirectly through coordination with other teams.

Requirements

  • Bachelor's degree in Information Security, Cyber Security, Computer Science, Computer Engineering, Software Development, or a related field, or equivalent experience in a relevant area.
  • 3-5 years of hands-on technical experience in an IT, engineering, GRC, or security role, preferably in the aerospace, satellite, or government sectors.
  • In-depth knowledge of EAR, ITAR, ISO 27001, NIST 800-171, and NIST 800-53.
  • Professional certifications such as CISSP, CISA, CRISC, or similar are highly desirable.
  • Ability to automate security control, compliance, and configuration audits utilizing scripting languages such as bash, Python, Go, or similar.
  • Experience implementing and managing GRC tools and technologies, such as GRC platforms, SIEM solutions, and vulnerability management systems.
  • Experience reviewing risk analyses, drafting corrective action plans, and driving the risk treatment process.
  • Relevant experience working and communicating with internal and external systems and process auditors.
  • In-depth knowledge of security framework controls as they apply to public cloud (AWS preferred), hybrid, self-hosted, and SaaS environments.
  • Ability to transform and communicate organizational compliance requirements into internal engineering requirements for various teams including engineering and security.
  • Ability to partner with colleagues, independently manage and run complex projects, and prioritize efforts for risk reduction.
  • Excellent analytical and problem-solving skills.
  • Ability to develop clear and concise written content.
  • Excellent project and task management skills, preferably using Jira.
  • Strong communication and interpersonal abilities.
  • Ability to work independently and as part of a team.

Nice-to-haves

  • Experience in the aerospace or government industries.
  • Familiarity with additional security frameworks beyond those listed.
  • Experience with cloud security and compliance in AWS environments.

Benefits

  • Vacation, sick, and personal time off
  • Optional medical, dental, vision, life, and disability coverage
  • 401(K) plan
  • Health and wellness reimbursement program
  • Participation in Spire's Employee Stock Purchase Plan
  • Generous Time Off Policy
  • Education Assistance Program
  • Employee Assistance Program (EAP)
  • Family Leave
  • Fitness Reimbursement
  • Employee Referral Program
  • Healthy snacks & beverages in every office