The Senior GRC engineer acts as a team lead in the enforcement of corporate, regulatory and risk management policy configurations. The position assists in developing, implementing, and maintaining corporate information security standards, technologies, processes, and procedures. In addition, the role coordinates vulnerability management, security awareness training, and audits.
As a senior member of the team, the role requires a strong positive ability to lead junior team members through the strategy directed by senior management. In addition to technical skills, the senior GRC engineer is process-oriented and results-oriented and demonstrates effective problem-solving and communication skills.
The senior GRC engineer often serves as a subject matter expert for colleagues and line-of-business managers, so experience with multiple technologies, compliance requirements and risk analysis methodologies is crucial.
Essential Functions of the Job
Operate the GRC program.
Work with internal and external partners to create low-friction, high-impact solutions that minimize information security risk to our company, customers, and partners.
Assess and document information security internal controls as part of ongoing compliance efforts including SOX, PCI, and NIST 800-53.
Ensure effective and efficient control design, implementation, and testing procedures.
Evaluate internal control gaps and deficiencies and propose remediation strategies; monitor timely resolution.
Establish metrics and reporting strategies to communicate status, demonstrate progress, and build awareness and accountability around control performance.
Identify process and control improvement/automation/consolidation opportunities.
Drive an increase in maturity of the overall control environment.
Oversee and guide the implementation of products and services required to maintain compliance with existing, new, or changing regulations and audit recommendations.
Maintain vulnerability management standards across all operating systems, software applications and hardware configurations.
Protect systems by defining access privileges, control structures and resources.
Attend and engage in all change and project management meetings.
Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
Perform other duties as assigned.
Qualifications and Competencies
Minimum of 5 years of experience in designing, implementing, and operating an information security audit and assurance program.
Knowledge of information security controls across multiple technologies including network, operating system, Governance, Risk, and Control (GRC) frameworks, approaches, tools, and methodologies.
Proven track record for delivering results while developing and maintaining professional work relationships.
Advanced interpersonal and communication skills with the ability to collaborate effectively in a team environment and promote ideas at various levels of the organization.
Strong self-directed work habits exhibiting initiative, drive, creativity, maturity, self-assurance, professionalism, and the ability to autonomously manage multiple concurrent projects.
Advanced analytical and decision-making skills.
Excellent written and verbal communication skills and the ability to translate security objectives for product teams.
Ability to communicate technical concepts to business stakeholders.
Ability to see patterns, commonalities, and investigate complex issues.
Skilled in documenting risk and compliance activities.
Excellent judgement in prioritizing security efforts to mitigate the appropriate risks.
An ability to reason about security decisions and communicate security requirements.
Certified Information Systems Auditor (CISA) or equivalent professional certification (e.g., CRISC).
Previous consulting experience is ideal.
Experience in cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments.
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Benefits
Annual bonus opportunity
Flexible paid time off and holidays
Health, vision, dental, life insurance plans, and discounts
401(k) savings plan plus a company match with immediate vesting
Eligible to participate in the employee stock purchase plan after 1 year of continuous employment
Discounts on Red Robin food
Compensation Range: $111,300.00 - $153,075.00
Red Robin is an Equal Opportunity & E-Verify Employer