We are seeking a dedicated and experienced Cybersecurity GRC Engineer to join our growing team. As a GRC Engineer, you will play a key role in ensuring that our organization's cybersecurity posture is aligned with industry regulations, standards, and best practices. You will be responsible for managing and improving the Governance, Risk, and Compliance frameworks within the company, ensuring we meet internal policies, external regulatory requirements, and industry standards.
Key Responsibilities:
- Governance & Policy Management:
  - Develop, implement, and maintain cybersecurity governance frameworks and policies to ensure compliance with industry standards (e.g., NIST, ISO 27001, GDPR, HIPAA).
  - Collaborate with business units to define and align cybersecurity governance and risk management strategies with organizational goals.
  - Drive the creation and implementation of cybersecurity policies, standards, and guidelines.
Skills and Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
- Proven experience in a Cybersecurity GRC Engineer role or similar position.
- Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
- Experience with risk management practices, tools, and methodologies.
- Hands-on experience with GRC platforms and tools (e.g., RSA Archer, MetricStream, ServiceNow).
- In-depth knowledge of data privacy laws and regulations (GDPR, CCPA, HIPAA, etc.).
- Familiarity with regulatory compliance and audit processes.
- Strong analytical, problem-solving, and critical-thinking skills.
- Excellent written and verbal communication skills, with the ability to present complex topics to both technical and non-technical stakeholders.
- Strong attention to detail and ability to manage multiple projects simultaneously.
Preferred Qualifications:
- Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control).
- Experience with cloud security compliance (e.g., AWS, Azure, Google Cloud).
- Knowledge of automated compliance monitoring tools.