GRC Engineer
ZBD · United States · Today
RemoteRemoteEngineeringFull-time
Key Responsibilities
- Conduct cybersecurity risk assessments, including third-party/vendor risk evaluations, with an emphasis on consistency, repeatability, and scalability.
- Proactively identify and address security & policy gaps in existing systems and architectures, recommending and implementing enhancements to strengthen ZBD’s overall security posture.
- Bring and keep ZBD systems, processes, and procedures into compliance with relevant compliance frameworks (SOC 2, DORA, GDPR, PCI DSS, etc.).
- Design, implement, and maintain security solutions to address vulnerabilities and risks within ZBD systems.
- Work closely with the software engineers and developers to establish and keep a strong security compliance posture.
- Develop and enforce technical security standards, patterns, and best practices to establish and maintain a consistent and robust security posture across ZBD systems.
- Develop and maintain cloud recovery and backup solutions to ensure availability and business continuity.
- Apply the most appropriate technical approach based on problem complexity and process maturity.
- Participate in an On-Call rotation.
- Document processes & procedures.
Skills, Knowledge, and Ability
- 3+ years of experience in security governance, cloud and application security assessments, risk management, and/or third party risk.
- Thorough understanding of cybersecurity principles, cloud security, and identity and access management.
- Firm grasp on cloud computing principles.
- Demonstrated experience with Infrastructure as Code using Terraform/OpenTofu.
- Working knowledge of Linux.
- Experience with metrics gathering, alerting, reporting.
- Experience with git, GitLab, and CI/CD pipelines.
- Ability to design, implement, and improve cybersecurity solutions.
- Ability to balance cybersecurity initiatives with business initiatives.
- Ability to identify and analyze potential methods of attack.
Bonus Experience
- Experience with AWS Organizations and Multi Accounts.
- Experience as a software engineer.
- Experience with SOC 2 compliance efforts.
- Knowledge of, and experience working with Bitcoin and Lightning Network software.