GRC Engineer

One

💵 $143k-$175k
📍 Remote - United States

Summary

Join OnePay as a GRC Engineer in Risk and Assurance, supporting the Security team in third-party risk management (TPRM), vulnerability and patch management, cloud security findings review, data governance and privacy, and audit support. This hybrid security role offers opportunities for growth within a seasoned team. You will drive the TPRM process, collaborate on vendor assessments and contract reviews, assist with vulnerability management, support cloud security findings review, assist in implementing new systems, help build the data governance and privacy program, and contribute to security compliance and audits. The role requires 3-7 years of experience in security governance, cloud and application security assessments, risk management, and/or third-party risk, along with strong knowledge of industry standard frameworks. Competitive compensation and benefits are offered, including remote work flexibility.

Requirements

  • 3-7 years of experience in security governance, cloud and application security assessments, risk management, and/or third party risk
  • Strong knowledge of various industry standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, HITRUST, etc.
  • Thorough knowledge of enterprise-scale security architecture, cloud security, and application security best practices
  • Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance
  • Familiarity with containerization technologies (e.g., Docker, Kubernetes) and CI/CD pipelines
  • Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical audiences
  • Strong analytical and problem-solving skills with the ability to work independently and as part of a team

Responsibilities

  • Drive and support the third-party risk management (TPRM) process
  • Collaborate on vendor assessments and contract reviews tied to business deals
  • Assist with vulnerability and patch management operations and process implementation
  • Support the review of cloud security findings and remediation workflows
  • Assist in the implementation of new systems and applications from a security perspective
  • Help build the data governance and privacy program in conjunction with legal and business stakeholders
  • Contribute to security compliance activities and internal & external audits

Preferred Qualifications

Relevant certifications such as AWS Certified Security Specialty, Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus

Benefits

  • Competitive cash
  • Benefits effective on day one
  • Early access to a high potential, high growth fintech
  • Generous stock option packages in an early-stage startup
  • Remote friendly (anywhere in the US) and office friendly - you pick the schedule
  • Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave
  • 401(k) plan with match
