Role: GRC/Cybersecurity Engineer
Location: Fountain Valley, CA
Work Type: Hybrid 3-4 days on-site at Fountain Valley CA
Contract Type: W2 or Corp to Corp
We are seeking a dedicated and experienced Cybersecurity GRC Engineer to join our growing team. As a GRC Engineer, you will play a key role in ensuring that our organization's cybersecurity posture is aligned with industry regulations, standards, and best practices.
You will be responsible for managing and improving the Governance, Risk, and Compliance frameworks within the company, ensuring we meet internal policies, external regulatory requirements, and industry standards.
Key Responsibilities:
Governance & Policy Management:
o Develop, implement, and maintain cybersecurity governance frameworks and policies to ensure compliance with industry standards (e.g., NIST, ISO 27001, GDPR, HIPAA).
o Collaborate with business units to define and align cybersecurity governance and risk management strategies with organizational goals.
o Drive the creation and implementation of cybersecurity policies, standards, and guidelines.
Risk Management:
o Perform regular risk assessments to identify vulnerabilities and gaps in the current security posture.
o Develop and manage the enterprise-wide risk management strategy.
o Lead risk mitigation efforts and ensure proper documentation of risk treatments, controls, and residual risks.
o Collaborate with IT, operations, and other teams to implement appropriate security controls to mitigate risks.
Compliance & Regulatory Reporting:
o Ensure the organization complies with relevant cybersecurity laws, regulations, and industry standards.
o Maintain an understanding of applicable regulations and standards (e.g., SOC 2, PCI DSS, GDPR) and ensure alignment with cybersecurity strategies and practices.
o Support external audits and compliance assessments, including preparing required documentation and reporting. HMG Only
o Track and report on compliance metrics, identifying areas for improvement.
Continuous Improvement & Incident Management:
o Drive continuous improvement of the GRC program by evaluating and recommending enhancements.
o Assist with the identification and management of cybersecurity incidents, ensuring alignment with incident response policies and procedures.
o Work closely with other teams (e.g., security operations, legal, IT) to ensure timely resolution of compliance-related issues or incidents.
Training & Awareness:
o Provide ongoing education and awareness programs to staff on cybersecurity risks, policies, and best practices.
o Act as a subject matter expert (SME) for governance, risk management, and compliance inquiries across the organization.
Reporting & Documentation:
o Develop and deliver regular reports to senior management and stakeholders on GRCrelated performance, issues, and progress.
o Maintain clear, organized documentation of GRC processes, decisions, and activities.
Skills and Qualifications:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• Proven experience in a Cybersecurity GRC Engineer role or similar position.
• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
• Experience with risk management practices, tools, and methodologies.
• Hands-on experience with GRC platforms and tools (e.g., RSA Archer, MetricStream, ServiceNow).
• In-depth knowledge of data privacy laws and regulations (GDPR, CCPA, HIPAA, etc.).
• Familiarity with regulatory compliance and audit processes.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent written and verbal communication skills, with the ability to present complex topics to both technical and non-technical stakeholders.
• Strong attention to detail and ability to manage multiple projects simultaneously.
Preferred Qualifications:
• Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control).
• Experience with cloud security compliance (e.g., AWS, Azure, Google Cloud).
• Knowledge of automated compliance monitoring tools.
Full Time or Part Time Opportunity for a Dental Assistant! We are a Private Dental Office. We treat both Adult & Children patients We have a great team! Our Position can be Full Time or Part Time. We are open Monday thru Friday: 8am - 5pm We are closed...
...Hy-Vee - W Rock Island St [Kitchen Staff / Pastry Cook] As a Baker at Hy-Vee, you'll: Check orders for the day and set up a timeline and production schedule; Prepare make up, bake, and fry all department products as needed; Review the status and appearance of product for...
...Job Description Solomon Page is seeking a travel RDN - Registered Dietitian Nutritionist for a travel job in Columbus, Ohio. Job Description & Requirements ~ Specialty: RDN - Registered Dietitian Nutritionist ~ Discipline: Allied Health Professional ~ Start...
...Role: Talent Acquisition Consultant Duration: 6 Months Location : Cedar Rapids, Hybrid ( 3 days from office, Tue-Thru) Interview: 2 Rounds can be virtual Laptop Will be provided by Client JOB SUMMARY: Assist with the recruitment process for assigned...
...About Terra Site Constructors, LLC Terra Site Constructors, LLC is a dynamic, SBA 8(a) certified general contractor focused on federal construction , design-build , and self-perform capabilities. We serve clients including NAVFAC, USACE, NPS, GSA, and other federal...