Senior Security Engineer, GRC

Docker, Inc

📍 Remote - United States

Summary

Join Docker, a remote-first company experiencing rapid growth, as a Senior Security GRC Engineer. You will lead the development and implementation of comprehensive GRC strategies, automate control evidence gathering, and partner with internal/external stakeholders. This role requires strong security engineering expertise, experience with compliance frameworks (SOC 2, ISO 27001/27018/27701), and excellent communication skills. You will build and maintain security policies, conduct risk assessments, and ensure effective control operations. The ideal candidate possesses 6-8 years of relevant experience and thrives in fast-paced environments. Docker offers a variety of benefits, including parental leave, technology stipends, and professional development opportunities.

Requirements

  • Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance
  • Have familiarity setting up APIs and webhooks, at least one scripting language, and at least one public cloud architecture and control tool
  • Experience conducting security compliance reviews and audits for SaaS products and hosted environments, including AWS and Azure
  • Have strong knowledge of information security risk management and information security technologies (e.g. SIEM, vulnerability management, data loss prevention and/or endpoint protection)
  • Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges
  • Strong project management skills with the ability to lead and execute security assessment projects, vendor evaluations and initiatives on time with multiple stakeholders
  • Enjoy fostering collaboration and cross-functional partnerships to help spread awareness of, and build and implement, cybersecurity controls
  • Have in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, 27701 and 27018
  • Experience with the entire controls monitoring lifecycle, including identifying, assessing, monitoring, and remediating controls
  • Excellent verbal and written communication skills with the ability to document, communicate, and report security assessments
  • Serve as the subject matter expert and provide technical leadership and feedback for compliance / GRC projects
  • Appropriately handle and manage confidential information, including proprietary and trade secret information
  • Stay up to date with changes in regulations, standards, and emerging regulatory requirements and ensure compliance

Responsibilities

  • Lead the development, implementation and maintenance of comprehensive GRC strategies
  • Build automated evidence gathering and continuous control testing through integrations, maturing our governance program
  • Establish partnerships with internal/external auditors, regulators and business stakeholders to develop security requirements and controls
  • Optimize security compliance monitoring and alerting systems; aggregate compliance alerts and advise on system policy violations
  • Perform critical data security reviews of newly released products and features
  • Ensure controls are operating effectively via assessment and attestation
  • Own the vulnerability management program to identify and provide guidance for improvements
  • Security Metrics - Use automated and manual processes to produce relevant KPIs about the information security program
  • Policies and Procedures - Maintain corporate information security policies and departmental procedures and map them to relevant control standards
  • Recertification - Operate periodic processes to ensure hire, transfer, and termination protocols are complied with and regular access reviews are conducted
  • Security Awareness - Build and maintain company awareness and education programs
  • Risk Assessment - Build and operate the company platform to document, measure, and report assessments, risks, control findings, and remediation activity
  • Draft policies and best practices that will be consumed by the entire organization
  • Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, and 27701
  • Evaluate vendors against compliance and security standards

Preferred Qualifications

Relevant industry certifications such as CISSP, CISA, CRISC

Benefits

  • Freedom & flexibility; fit your work around your life
  • Home office setup; we want you comfortable while you work
  • 16 weeks of paid parental leave
  • Technology stipend equivalent to $100 net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Quarterly, company-wide hackathons
  • Training stipend for conferences, courses and classes
  • Equity; we are a growing start-up and want all employees to have a share in the success of the company
  • Docker Swag
  • Medical benefits, retirement and holidays vary by country
