Jobs · Education · Washington

Principal, GRC Automation and Cyber Risk

F5 · Greater Seattle Area · 2 wk ago
HybridEducation$167k–$251k/yrFull-time

About the role

The Principal, GRC Automation & Cyber Risk Quantification is a senior engineering and strategic leadership role responsible for designing, implementing, and scaling automated, data-driven cyber risk and GRC capabilities across the enterprise.

Responsibilities

  • Shift GRC from manual, point-in-time assessments to continuous, automated, and risk-informed execution by leveraging purpose-built engineering solutions, Python-based tooling, and Agentic workflows.
  • Enable executive and board-ready cyber risk insights grounded in quantitative and business-relevant data, supported by automated data pipelines and integrations.
  • Standardize and automate control mapping, testing, evidence collection, and risk reporting across frameworks and regulators through scalable API-driven architectures.
  • Act as the technical and architectural authority for ServiceNow IRM and adjacent GRC automation capabilities, including custom-developed integrations and Agentic automation agents.
  • Design, build, and evolve end-to-end GRC automation across risk, compliance, policy, and issue management domains — including writing and maintaining Python-based automation scripts, services, and tools.
  • Integrate GRC workflows with source systems (cloud platforms, vulnerability tools, IAM, SDLC, third-party systems) via RESTful APIs, webhooks, and event-driven integration patterns to reduce manual effort and improve data quality.
  • Architect and maintain a systems integration layer connecting GRC platforms to enterprise data sources, enabling real-time risk signal ingestion and automated control validation.
  • Partner with Cyber Risk leadership to operationalize quantitative and scenario-based risk analysis (e.g., FAIR-aligned methods).
  • Engineer automated pipelines for ingesting threat, vulnerability, asset, and business context data to support risk-based prioritization, leveraging Python data processing libraries (e.g., pandas, NumPy) and integration APIs, and Agentic work flows.
  • Translate regulatory and framework requirements into automated, testable, and traceable controls, implementing these as code-driven workflows and API-integrated monitoring checks.
  • Implement continuous control monitoring and evidence refresh to support ISO, SOX, SOC, and regulatory audits, using automated evidence collection scripts and scheduled integrations.
  • Reduce audit fatigue by standardizing artifacts, workflows, and control narratives across compliance programs.
  • Partner with Internal Audit and external auditors to improve transparency, timeliness, and defensibility of GRC outputs.
  • Design, develop, and maintain RESTful and GraphQL APIs that expose GRC data and capabilities to downstream consumers including dashboards, reporting tools, and integrated enterprise systems.
  • Own the end-to-end systems integration architecture connecting GRC platforms to security tools, cloud environments, HR systems, asset management, and third-party risk platforms.
  • Establish and enforce API governance standards, including versioning, authentication, documentation (OpenAPI/Swagger), and rate management.
  • Build and maintain integration middleware, ETL pipelines, and event-driven connectors to ensure consistent, reliable data flows across GRC systems.
  • Serve as a trusted advisor to security, IT, engineering, and business leaders on risk-based automation, control design, and engineering best practices for GRC tooling.
  • Translate technical implementations — including architecture diagrams, API designs, and automation logic — into clear, executive-ready narratives for leadership consumption.

Qualifications

  • Required: Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, Risk Management, or related field. 10+ years of experience across cybersecurity, risk management, GRC, or security architecture roles — with at least 3–5 years in a hands-on engineering or software development capacity.
  • Preferred: Master's degree in a related field. Experience with FAIR or quantitative risk methods. Hands-on experience with Agentic AI development — building and deploying autonomous agents for task automation, decision support, or workflow orchestration. Familiarity with LLM orchestration frameworks (LangChain, LangGraph, AutoGen, CrewAI, or similar). Experience with Python data and automation libraries (pandas, NumPy, FastAPI, Celery, Airflow, etc.). Experience with API gateway tooling, integration platforms (e.g., MuleSoft, Boomi, Workato), or message broker systems (Kafka, RabbitMQ). Hands-on experience with AI, data analytics, or workflow automation applied to GRC use cases. Professional certifications (CISSP, CISM, CRISC, Open FAIR).

Similar jobs