IT Senior GRC Engineer

• Operate the GRC program.

• Work with internal and external partners to create low-friction, high-impact solutions that minimize information security risk to our company, customers, and partners.

• Assess and document information security internal controls as part of on-going compliance efforts including SOX, PCI, and NIST 800-53

• Ensure effective and efficient control design, implementation, and testing procedures.

• Evaluate internal control gaps and deficiencies and propose remediation strategies; monitor timely resolution.

• Establish metrics and reporting strategies to communicate status, demonstrate progress, and build awareness and accountability around control performance.

• Identify process and control improvement/automation/consolidation opportunities.

• Drive an increase in maturity of the overall control environment.

• Oversee and guide the implementation of products and services required to maintain compliance with existing, new, or changing regulations and audit recommendations.

• Maintain vulnerability management standards across all operating systems, software applications and hardware configurations.

• Protect systems by defining access privileges, control structures and resources.

• Attend and engage in all change and project management meetings.

• Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.

• Perform other duties as assigned.

Qualifications and Competencies

• Minimum of 5 years of experience in designing, implementing, and operating an information security audit and assurance program.

• Knowledge of information security controls across multiple technologies including network, operating system, Governance, Risk, and Control (GRC) frameworks, approaches, tools, and methodologies.

• Proven track record for delivering results while developing and maintaining professional work relationships.

• Advanced interpersonal and communication skills with the ability to collaborate effectively in a team environment and promote ideas at various levels of the organization.

• Strong self-directed work habits exhibiting initiative, drive, creativity, maturity, self-assurance, professionalism, and the ability to autonomously manage multiple concurrent projects.

• Advanced analytical and decision-making skills.

• Excellent written and verbal communication skills and the ability to translate security objectives into product team.

• Ability to communicate technical concepts to business stakeholders.

• Ability to see patterns, commonalities, and investigate complex issues.

• Skilled in documenting risk and compliance activities.

• Excellent judgement in prioritizing security efforts to mitigate the appropriate risks.

• An ability to reason about security decisions and communicate security requirements.

• Certified Information Systems Auditor (CISA) or equivalent professional certification (e.g., CRISC).

• Previous consulting experience is ideal.

• Experience in cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments.

• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

Benefits

• Annual bonus opportunity

• Flexible paid time off and holidays

• Health, vision, dental, life insurance plans, and discounts

• 401(k) savings plan plus a company match with immediate vesting

• Eligible to participate in the employee stock purchase plan after 1 year of continuous employment

• Discounts on Red Robin food