Principal Security Engineer - InfoSec GRC

📋 Description

• Lead a unified security controls framework for the GRC program.
• Conduct targeted gap assessments to support new regulatory frameworks.
• Partner with engineering, product, legal, and security teams to close gaps.
• Support internal and external audits across PCI DSS, SOC 2, ISO 27001, etc.
• Present risk, audit status, and remediation priorities to senior leaders.
• Drive scalable, risk-based exception management and governance processes.

🎯 Requirements

• 10+ years in information security, IT, or related fields.
• 6+ years managing information security programs, audits, or assessments.
• Experience building unified security controls across multiple standards.
• Experience auditing PCI DSS, NIST CSF/800-53, ISO 27001, SOC 2.
• Experience assessing AWS and applying threat modeling, architecture reviews, access management, encryption.
• Experience presenting audit results to executive stakeholders.

🎁 Benefits

• Remote or hybrid work options.
• Diversity, equity, inclusion, and belonging commitments.
• EEO policy and equal opportunity employer.
• Comprehensive benefits: medical, dental, vision, 401(k).
• Paid time off, parental leave, wellness benefits.
• Opportunities to learn and grow.