Remote GRC Engineer (Cloud & Application Security)


Description:

  • As a GRC Engineer (Cloud & Application Security), you will define and implement the overall strategy for One’s Information Security program.
  • You will identify control gaps and lead initiatives to remediate such gaps.
  • Your responsibilities include designing, overseeing, and executing One’s information security risk management processes.
  • You will define security standards and policies, perform internal and external security assessments, and manage security risks.
  • You will support audits conducted by independent parties and evaluate the security posture of cloud infrastructure and application security designs.
  • Compliance with frameworks such as SOC 2 and PCI DSS controls will be a focus.
  • You will proactively evaluate the security configurations of One’s applications and AWS services based on best practices.
  • You will determine detailed remediation plans for security gaps and work with stakeholders to resolve them.
  • You will define, publish, and maintain company-wide security standards based on industry best practices and evolving regulations.
  • In-depth security assessments of third-party hosted applications and systems will be performed, providing security recommendations for integration.
  • You will collaborate with team members on security reviews of new product features, system architectures, and business processes.
  • Ongoing information security audit initiatives and compliance projects will be supported.
  • You will provide guidance and training to internal teams on information security, AWS security, and compliance requirements.
  • Engaging with technology and business teams as a consultant for security-related issues affecting One’s product features will be part of your role.

Requirements:

  • You must have 5+ years of experience in security governance, cloud and application security assessments, risk management, and/or third-party risk.
  • A strong knowledge of industry standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, and HiTrust is required.
  • You should possess thorough knowledge of enterprise-scale security architecture, cloud security, and application security best practices.
  • Domain knowledge in IT systems, networking, security, and compliance is necessary.
  • Familiarity with containerization technologies (e.g., Docker, Kubernetes) and CI/CD pipelines is expected.
  • Excellent written and verbal communication skills are essential, with the ability to convey technical concepts to both technical and non-technical audiences.
  • Strong analytical and problem-solving skills are required, with the ability to work independently and as part of a team.
  • Relevant certifications such as AWS Certified Security Specialty, CISSP, or CCSP are a plus.

Benefits:

  • You will receive competitive cash compensation.
  • Benefits will be effective on day one of your employment.
  • You will have early access to a high-potential, high-growth fintech environment.
  • Generous stock option packages will be provided in an early-stage startup.
  • The position is remote-friendly (anywhere in the US) and office-friendly, allowing you to choose your schedule.
  • Flexible time off programs will be available, including vacation, sick leave, paid parental leave, and paid caregiver leave.
  • A 401(k) plan with a match will be offered.

Salary: $175,000 - 190,000 USD / year