GRC Engineer - CISM/CISA/CISSP Certified (7-10 yrs)
ICC-Staffing
posted 17d ago
Notice period - Immediate to Max 30 days
About Client & Project :
Today's financial infrastructure is archaic, expensive, inefficient and risky, supporting a system that leaves out more people than it lets in. So we're rebuilding it.
We're on a mission to open the world's financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we've built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world's leading financial institutions, like PayPal, Venmo, Mastercard and Interactive Brokers.
About the team :
The GRC Engineering team plays a crucial role in managing and maintaining our governance, risk, and compliance framework. The ideal candidate will possess a solid background in information security, risk management, and regulatory compliance. As a GRC Engineer, you will work to ensure that our organization adheres to internal policies, external regulations, and industry best practices, safeguarding our information systems and building trust with clients.
About the role :
We are seeking an experienced GRC Engineer to join our team at, a leader in blockchain technology and solutions. The ideal candidate will play a crucial role in managing and maintaining our governance, risk, and compliance framework. The ideal candidate will possess a solid background in information security, risk management, and regulatory compliance. As a GRC Engineer, you will work to ensure that our organization adheres to internal policies, external regulations, and industry best practices, safeguarding our information systems and building trust with clients...
Responsibilities :
- Risk Management : Identify, assess, and manage risks across the organization. Develop risk mitigation plans and strategies to minimize potential impact.
- Policy & Compliance Management : Design, implement, and maintain policies and procedures to ensure compliance with relevant regulations (e.g., GDPR, CCPA, SOX, ISO 27001).
- Audit Support : Support internal and external audits by providing necessary documentation, evidence, and insights into security controls and compliance measures.
- Incident Response : Assist with incident response efforts, ensuring that incidents are handled in accordance with compliance requirements. Analyze incidents to identify areas for improvement in policies or risk management.
- Monitoring & Reporting : Continuously monitor compliance status and create regular reports on GRC metrics. Provide updates on risk and compliance issues to leadership.
- Awareness Training : Collaborate with the security team to provide security awareness and GRC training programs for employees, promoting a culture of compliance.
- Stakeholder Collaboration : Work closely with IT, security, legal, and other teams to ensure that GRC initiatives align with business objectives and that risk management efforts are effective.
- Continuous Improvement : Stay updated on GRC-related standards and emerging regulations. Recommend enhancements to GRC processes and practices to adapt to changes in regulatory environments.
Requirements:
- Educational Background : Bachelor's degree in Computer Science, Information Security, Business Administration or a related field.
- Experience : Minimum of 7 years of experience in GRC, information security, or a related role.
Technical Skills :
- Experience with GRC software tools (e.g., RSA Archer, ServiceNow GRC, MetricStream).
- Strong understanding of compliance frameworks and standards (e.g., ISO 27001, NIST, PCI-DSS).
- Familiarity with risk assessment methodologies and control frameworks (e.g., COSO, COBIT).
- Knowledge of information security concepts, including data privacy, encryption, and access management.
Soft Skills : Analytical mindset, attention to detail, strong communication and report-writing skills, ability to collaborate with multiple teams, and problem-solving abilities.
Preferred Qualifications :
- Relevant certifications, such as CISM, CISA, CRISC, or CISSP.
- Experience with regulatory compliance and frameworks in industries such as finance, healthcare, or technology.
- Familiarity with cloud security and SaaS GRC tools.
Functional Areas: Other