Senior GRC Engineering Analyst
Deltek · United States · 3 mo ago
RemoteRemoteEngineering$76k–$134k/yrFull-time
About the role
As a Senior GRC Engineering Analyst, you will ensure Deltek’s cloud environments and information systems meet security and compliance obligations by testing technical controls, supporting audits, and maturing core GRC services.
Responsibilities
- Ensure Deltek’s cloud environments and information systems meet security and compliance obligations by testing technical controls, supporting audits, and maturing core GRC services.
- Partner with Cloud Operations, Product Security, Platform Delivery, and Security Operations to translate requirements into test procedures, produce audit-ready artifacts, and drive remediation.
- Lead audits and assessments with a key focus on engineering, technical control design, and control implementation aligned to frameworks/programs such as NIST 800-53 Rev. 5, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, and SOC 2.
- Test, validate, and document cloud control implementations across AWS, Azure, and OCI, including IAM, network segmentation, encryption/key management, logging/monitoring, vulnerability management, container security, infrastructure-as-code, and CI/CD pipelines.
- Partner with Security Engineering, Cloud Engineering, DevOps, IT, and Product teams to translate compliance requirements into scalable, automated, and auditable technical controls.
- Own assessment execution end-to-end, including scope definition, technical walkthroughs, control testing, evidence validation, issue tracking, remediation follow-up, and reporting.
- Design, maintain, and improve audit-ready artifacts, including control narratives, test procedures, evidence mappings, technical diagrams, implementation documentation, and control validation results.
- Facilitate technical walkthroughs with stakeholders and auditors; clearly explain control intent, system architecture, implementation details, evidence sources, and test results.
- Identify control gaps, assess technical risk and business impact, and drive remediation to closure with accountable engineering and control owners.
- Support continuous compliance through control automation, recurring evidence collection, control health monitoring, and integration with tools such as cloud security platforms, ticketing systems, SIEM, vulnerability management tools, and GRC platforms.
- Own or support key GRC services, including policy lifecycle, risk management, FedRAMP continuous monitoring, POA&M management, customer due diligence, security questionnaires, and audit readiness, with a focus on process improvement and automation.
- Build compliance metrics and reporting, including dashboards, scorecards, executive summaries, control health indicators, remediation trends, and audit readiness reporting.
- Develop or support automation scripts, queries, workflows, or integrations to streamline evidence collection, control testing, compliance monitoring, and reporting.
- Evaluate cloud services, system changes, and new technical implementations for compliance impact and advise teams on control requirements early in the design and deployment lifecycle.
- Maintain strong working knowledge of cloud security architecture, identity and access management, secure SDLC, infrastructure-as-code, logging/monitoring, vulnerability management, encryption, and change management practices.
Qualifications
- 3+ years of experience in GRC engineering, cloud security or compliance, IT audit/ITGC, Security Operations (SecOps), internal audit, IT risk management, or related fields, with hands-on experience implementing, validating, security tooling and assessing technical controls.
- Bachelor’s degree in information security, Computer Science, Informatics with Security, MIS, Engineering, or equivalent practical experience.
- Experience assessing and validating controls in one or more major cloud platforms, including AWS, Azure, or OCI.
- Practical OCI experience is preferred.
- Working knowledge of cloud security control areas such as IAM, logging and monitoring, encryption/key management, vulnerability management, network security, change management, secure SDLC, CI/CD, and infrastructure-as-code.
- Experience partnering with engineering, security, cloud operations, or platform teams to collect evidence, validate control implementation, identify gaps, and support remediation.
- Ability to review technical documentation, system configurations, screenshots, logs, tickets, diagrams, and other evidence to determine whether controls are operating effectively.
- Familiarity with one or more security and compliance frameworks, such as NIST 800-53, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, or SOC 2.
- Possess a security, audit, or cloud certification, such as CISA, CISSP, CCSK/CCAK, AWS, Azure, GCP, or OCI certification, or obtain one within 12 months.
- Candidates with relevant certification(s) already held are preferred.
- US Citizenship Is Required For This Position.
Core Competencies
- Excellent ability to: Self-manage time and priorities while working with minimal direction and supervision.
- Handle multiple competing priorities and projects.
- Resolve business and technical roadblocks independently through structured problem-solving.
- Think critically and apply strong analytical, written, verbal, and interpersonal communication skills.
- Collaborate effectively in a team environment and take directions from senior-level staff.
- Demonstrated initiative to learn through a combination of structured, on-the-job, and self-directed training.