Information Security Engineer - GRC - Remote
The Information Security Engineer, Governance, Risk, & Compliance will focus on supporting an enterprise security program including third-party risk management (TPRM), Security Awareness Training, data privacy, and other security or risk related activities. The applicant should have prior experience conducting third-party risk assessments, security policy and standards creation, and an advanced understanding of security controls and framework alignment. The candidate will assess and qualify security risks as they pertain to cloud or hybrid security environments and develop risk remediation plans in coordination with key stakeholders. The candidate will possess strong communication skills, advocate for security, be comfortable presenting security topics to internal and external customers, and thrive operating in a highly visible and fast-paced role.
Process & execution
- Develop and contribute to the creation and maturation of information security policies, standards, and processes.
- Ability to think strategically, plan methodically, and execute tactically.
- Take ownership of personal and professional development needed to excel in the role.
- Accurately conduct third-party risk assessments while partnering with internal technical and non-technical teams such as legal, procurement, IT, and Security Operations.
- Align industry security frameworks to ensure proper data security controls are implemented.
- Maintain the organizational Corporate Risk Register, evaluate the impact and probability of risk, and coordinate remediation activities with risk owners.
- Develop and maintain security exceptions to ensure risk reduction strategies are established.
- Successfully operate in a fast-paced environment with changing priorities.
- Create, adapt, and enhance weekly metrics to measure the efficacy and effectiveness of the security program.
- Proactively identify security risks in processes and technologies, and take ownership of projects and initiatives.
Collaboration & Partnerships
- Apply excellent communication skills to efficiently collaborate with company stakeholders and business partners.
- Evaluate and recommend new products, maintain knowledge of emerging technologies, and maximize value from existing tool sets to ensure return on investment.
- Identify, communicate, and mitigate security risks in on-premises or hybrid/multi-cloud deployments.
- Demonstrate strong problem-solving skills by identifying gaps or issues and formulating solutions.
- Ensure compliance with company policies and standards.
- Promptly respond to information security tickets and other requests.
- Resolve complex problems across multiple business units.
- Perform with a strong sense of teamwork and personal accountability.
- Identify areas of improvement within the security team to maintain a level of excellence.
- Develop and visualize performance metrics to measure programmatic success.
- Design, document, and implement procedures and techniques for analyzing and evaluating risk.
- Research emerging technologies.
- Identify opportunities to optimize processes.
- Collaborate on security engineering standards, methodologies, and sustainable processes.
- Prioritize the team’s collaboration, systematic execution, and overall success.
- Thrive within an environment requiring priority adjustments, multi-tasking, and open communication to align business needs with current responsibilities.
- Bachelor’s degree in IT discipline or equivalent work experience.
- Exceptional verbal and written communication skills with an ability to present complex information to audiences of varying subject knowledge.
- Minimum of five years working in Information Security with two years conducting third-party and vendor risk assessments.
- At least three years of experience with security control frameworks across a heterogeneous multi-cloud environment.
- Must have ability to successfully operate in a fast-paced work environment with shifting priorities.
- Hands-on experience conducting risk and/or self-assessment activities to identify key risk areas in the business.
- Prior experience implementing and maintaining governance, risk and compliance tools preferred.
- Prior knowledge of multi-cloud environments with experience in SaaS, PaaS, and IaaS risk analysis.
- Understand data categorization and prioritization of control implementations based on data types.
- Experience with DLP systems including MO365 or eDLP deployments.
- Industry certification preferred (e.g., CISSP, CISM, CRISC, or CISA).
- Familiarity with security assessments and compliance requirements frameworks (SOC-2, NIST “800 series”, CSF, SOX, etc.).
- Knowledge of security auditing procedures including measuring control effectiveness.
- Knowledge of current data privacy laws (CCPA/CPRA, GDPR).
- Prior experience in the broadcast/media entertainment industries preferred.
About the Team