Senior Security Engineer, GRC

Summary

Join Docker's remote-first team as a Senior Security GRC Engineer, leading the development and maintenance of comprehensive GRC strategies. You will build automated evidence gathering and continuous control testing, partnering with internal/external auditors and stakeholders. Responsibilities include optimizing compliance monitoring, performing data security reviews, ensuring effective controls, managing vulnerability programs, and maintaining security policies and procedures. You will also build and operate the company's risk assessment platform and evaluate vendors against compliance standards. This role requires 6-8 years of experience in IT, security engineering, and GRC, along with strong knowledge of information security risk management and technologies. The ideal candidate will have experience with various frameworks (ISO 27001, 27018, 27701) and excellent communication skills.

Requirements

• Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance
• Will have familiarity setting up APIs and Webhooks, at least one scripting language, and at least one public cloud architecture and control tool
• Experience conducting security compliance reviews and audits for SaaS products and hosted environments including AWS and Azure
• Have strong knowledge of information security risk management and information security technologies (e.g: SIEM, vulnerability management, data loss prevention and /or endpoint protection)
• Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges
• Strong project management skills with the ability to lead and execute security assessment projects, vendor evaluations and initiatives on time with multiple stakeholders
• Enjoy fostering collaboration and cross-functional partnerships to help spread awareness and
• Build and implementation of cybersecurity controls
• Have experience in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, 27701 and 27018
• Experience with the entire controls monitoring lifecycle, including identifying, assessing, monitoring, and remediating controls
• Excellent verbal and written communication skills with the ability to document, communicate, and report security assessments
• Serve as the subject matter expert and provide technical leadership and feedback for compliance / GRC projects
• Appropriately handling and managing confidential information including proprietary and trade secret information
• Stay up-to-date with changes in regulations, standards, and emerging regulatory requirements and ensure compliance

Responsibilities

• Lead the development, implementation and maintenance of comprehensive GRC strategies
• Build automated evidence gathering and continuous control testing through integrations maturing our governance program
• Establish partnerships with internal/external auditors, regulators, business stakeholders develop security requirements and controls
• Optimize security compliance monitoring and alerting systems; aggregate compliance alerts and advise on system policy violations
• Perform critical data security reviews over newly released products and features
• Ensure controls are operating effectively via assessment and attestation
• Own the vulnerability management program to identify and provide guidance for improvements
• Security Metrics - Uses automated and manual processes to produce relevant KPIs about the Information security program
• Policies and Procedures - Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standards
• Recertification - Operates periodic processes to hire, transfer, and termination protocols are complied with and regular access reviews are conducted
• Security Awareness - Builds and maintains company awareness and education progress
• Risk Assessment - Builds and operates the company platform to document, measure, and report assessments, risks, controls findings, and remediation activity
• Draft policies and best practices that will be consumed by the entire organization
• Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, and 27701
• Evaluate vendors against compliance and security standards

Preferred Qualifications

Relevant industry certifications such as CISSP, CISA, CRISC

Benefits

• Freedom & flexibility; fit your work around your life
• Designated quarterly Whaleness Days
• Home office setup; we want you comfortable while you work
• 16 weeks of paid Parental leave
• Technology stipend equivalent to $100 net/month
• PTO plan that encourages you to take time to do the things you enjoy
• Quarterly, company-wide hackathons
• Training stipend for conferences, courses and classes
• Equity; we are a growing start-up and want all employees to have a share in the success of the company
• Docker Swag
• Medical benefits, retirement and holidays vary by country