Role: GRC/Cybersecurity Engineer
Location: Fountain Valley, CA
Work Type: Hybrid 3-4 days on-site at Fountain Valley CA
Contract Type: W2 or Corp to Corp
We are seeking a dedicated and experienced Cybersecurity GRC Engineer to join our growing team. As a GRC Engineer, you will play a key role in ensuring that our organization's cybersecurity posture is aligned with industry regulations, standards, and best practices.
You will be responsible for managing and improving the Governance, Risk, and Compliance frameworks within the company, ensuring we meet internal policies, external regulatory requirements, and industry standards.
Key Responsibilities:
Governance & Policy Management:
o Develop, implement, and maintain cybersecurity governance frameworks and policies to ensure compliance with industry standards (e.g., NIST, ISO 27001, GDPR, HIPAA).
o Collaborate with business units to define and align cybersecurity governance and risk management strategies with organizational goals.
o Drive the creation and implementation of cybersecurity policies, standards, and guidelines.
Risk Management:
o Perform regular risk assessments to identify vulnerabilities and gaps in the current security posture.
o Develop and manage the enterprise-wide risk management strategy.
o Lead risk mitigation efforts and ensure proper documentation of risk treatments, controls, and residual risks.
o Collaborate with IT, operations, and other teams to implement appropriate security controls to mitigate risks.
Compliance & Regulatory Reporting:
o Ensure the organization complies with relevant cybersecurity laws, regulations, and industry standards.
o Maintain an understanding of applicable regulations and standards (e.g., SOC 2, PCI DSS, GDPR) and ensure alignment with cybersecurity strategies and practices.
o Support external audits and compliance assessments, including preparing required documentation and reporting. HMG Only
o Track and report on compliance metrics, identifying areas for improvement.
Continuous Improvement & Incident Management:
o Drive continuous improvement of the GRC program by evaluating and recommending enhancements.
o Assist with the identification and management of cybersecurity incidents, ensuring alignment with incident response policies and procedures.
o Work closely with other teams (e.g., security operations, legal, IT) to ensure timely resolution of compliance-related issues or incidents.
Training & Awareness:
o Provide ongoing education and awareness programs to staff on cybersecurity risks, policies, and best practices.
o Act as a subject matter expert (SME) for governance, risk management, and compliance inquiries across the organization.
Reporting & Documentation:
o Develop and deliver regular reports to senior management and stakeholders on GRCrelated performance, issues, and progress.
o Maintain clear, organized documentation of GRC processes, decisions, and activities.
Skills and Qualifications:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• Proven experience in a Cybersecurity GRC Engineer role or similar position.
• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
• Experience with risk management practices, tools, and methodologies.
• Hands-on experience with GRC platforms and tools (e.g., RSA Archer, MetricStream, ServiceNow).
• In-depth knowledge of data privacy laws and regulations (GDPR, CCPA, HIPAA, etc.).
• Familiarity with regulatory compliance and audit processes.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent written and verbal communication skills, with the ability to present complex topics to both technical and non-technical stakeholders.
• Strong attention to detail and ability to manage multiple projects simultaneously.
Preferred Qualifications:
• Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control).
• Experience with cloud security compliance (e.g., AWS, Azure, Google Cloud).
• Knowledge of automated compliance monitoring tools.
...providing excellent care for our residents. LakeHouse Senior Living is hiring CNAs for our community Walker Place Senior Living. The CNA's role includes providing hands-on care, physical and emotional support to each resident while maintaining a safe and comfortable...
...General information Job Title Airport Ramp Agent FT (Delta) - ORF Date Monday, May 19, 2025 State Virginia City Norfolk Base Pay Rate: $ 15.15 Full/Part Time Full Time Exempt or Non-Exempt Position...
...leadership. Requirements: Master's degree in social work or related discipline. Must consent to and pass a urine drug screen Two or more years of professional experience in counseling or social work settings. LSW or LPC with Chemical Dependency focus....
...nights, weekends and early morningsApplicants in the U.S. must satisfy federal, state, and local legal requirements of the job.Michaels requires all team members in this role to be at least sixteen (16) years or older.At The Michaels Companies Inc, our purpose is...
...Job Description: GardaWorld Security Services is Now Hiring a Tactical Security Officer! Ready to suit up as a Tactical Security Guard? What matters most... ...as you will be moving around your entire shift, patrolling environments such as retail stores, airports,...