Senior GRC Engineer
CommitUkraine8 days ago
Full-timeRemote FriendlyEngineering, Information Technology
Track This Job
Add this job to your tracking list to:
- Monitor application status and updates
- Change status (Applied, Interview, Offer, etc.)
- Add personal notes and comments
- Set reminders for follow-ups
- Track your entire application journey
Save This Job
Add this job to your saved collection to:
- Access easily from your saved jobs dashboard
- Review job details later without searching again
- Compare with other saved opportunities
- Keep a collection of interesting positions
- Receive notifications about saved jobs before they expire
AI-Powered Job Summary
Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.
Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.
We’re looking for a Governance, Risk, and Compliance (GRC) Engineer who wants to play a hands-on role in strengthening security and compliance across fast-moving projects. You’ll work directly with frameworks like EAR, ITAR, ISO 27001, and NIST 800-171, ensuring that systems are not only compliant but also resilient and scalable.
This role is ideal if you enjoy combining technical skills with regulatory expertise. You’ll conduct audits, run risk assessments, and help automate compliance checks, while collaborating with engineers, legal teams, and security specialists. It’s a chance to take ownership, shape processes, and make a visible impact on how we and our clients build securely.
Responsibilities
This role is ideal if you enjoy combining technical skills with regulatory expertise. You’ll conduct audits, run risk assessments, and help automate compliance checks, while collaborating with engineers, legal teams, and security specialists. It’s a chance to take ownership, shape processes, and make a visible impact on how we and our clients build securely.
Responsibilities
- Lead audits and assessments to ensure compliance with EAR, ITAR, ISO 27001, NIST 800-171, and future security frameworks.
- Operate and improve our Information Security Management System, coordinating tasks with engineering, legal, and operations teams.
- Design, implement, and manage GRC tools to streamline risk assessments, compliance monitoring, and incident management.
- Automate auditing and compliance tasks using scripting or lightweight tooling (e.g., Python, Bash, Go).
- Develop, document, and maintain security policies, risk treatment procedures, and compliance reports.
- Train and guide staff on compliance requirements, export controls, and security standards.
- Partner with cross-functional teams to resolve compliance issues and implement corrective action plans.
- Monitor regulatory changes and update internal processes and documentation accordingly.
- Support external and internal audits, including evidence gathering and stakeholder coordination.
- Provide feedback to improve risk mitigation strategies and overall security posture.
- 3–5 years of hands-on experience in IT, security, GRC, or compliance roles.
- Strong working knowledge of EAR, ITAR, ISO 27001, NIST 800-171, and familiarity with NIST 800-53.
- Practical experience implementing and managing GRC tools and platforms, SIEM solutions, or vulnerability management systems.
- Ability to automate compliance and auditing tasks using scripting languages such as Python, Bash, or Go.
- Experience conducting risk analyses, drafting corrective action plans, and driving risk treatment processes.
- Familiarity with security frameworks in cloud and hybrid environments (AWS preferred).
- Experience collaborating with internal and external auditors, including gathering and presenting audit evidence.
- Strong technical writing skills for developing policies, compliance documentation, and security reports.
- Bonus: Professional certifications like CISSP, CISA, CRISC, or similar.
Key Skills
Ranked by relevanceReady to apply?
Join Commit and take your career to the next level!
Application takes less than 5 minutes