Role: Lead Cybersecurity GRC Engineer
Location: Remote
FTE
Job Description
Must Have Technical/Functional Skills
• CISSP certification strongly preferred (or equivalent demonstrated experience).
• Additional certifications such as CISA, CISM are a plus.
• Experience with GRC platforms such as:
    • ServiceNow IRM / GRC
    • Archer
    • 6clicks
    • Other comparable GRC tools
• Prior exposure to regulated financial services environments (Banking / Insurance).
Roles & Responsibilities
• Lead and oversee cybersecurity risk remediation and governance initiatives aligned with enterprise risk and compliance requirements.
• Interpret security policies, standards, and regulatory requirements, and apply them effectively to enterprise assets and environments.
• Identify control gaps, non-compliance issues, and deviations, and drive remediation efforts to closure.
• Perform and guide security control testing, including:
    • Test of Design (ToD)
    • Test of Effectiveness (ToE)
• Provide remediation guidance across key cybersecurity domains, including but not limited to:
    • Secure architecture and security design
    • Security testing and validation
    • Secure coding and code compliance
    • Business Continuity Planning (BCP) and Disaster Recovery (DR)
    • Third-Party Risk Management (TPRM)
• Partner with technical, risk, and business stakeholders to gather and validate evidence supporting remediation and compliance activities.
• Prepare and maintain high-quality documentation such as:
    • Policies, procedures, and SOPs
    • Remediation plans and guidance documents
    • Risk and compliance reports
• Present findings, recommendations, and remediation strategies to senior stakeholders and decision-makers.
• Influence outcomes through clear, tactful, and data-driven communication.
• Support compliance and audit activities; prior audit engagement experience is highly desirable.
Generic Managerial Skills, If any
• Minimum 8 years of experience in Cybersecurity and GRC, spanning multiple security domains (CISSP domains may be used as a reference framework).
• Strong hands-on experience in risk remediation, particularly across security design, testing, compliance, BCP/DR, and third-party risk.
• Proven ability to translate policy and regulatory requirements into actionable remediation steps.
• Demonstrated experience in control testing (ToD and ToE).
• Excellent verbal and written communication skills, with experience engaging senior leaders within banking or insurance organizations.
• Strong analytical and documentation skills with a track record of producing professional, client-ready deliverables.
• Experience advising on remediation strategies and risk treatment options.