What are the responsibilities and job description for the Cyber Security Specialist position at Tentek, Inc.?
Role: GRC/Cybersecurity Engineer
Location: Fountain Valley, CA
Work Type: Hybrid, 3-4 days on-site at Fountain Valley, CA
Contract Type: W2 or Corp to Corp
We are seeking a dedicated and experienced Cybersecurity GRC Engineer to join our growing team. As a GRC Engineer, you will play a key role in ensuring that our organization's cybersecurity posture is aligned with industry regulations, standards, and best practices.
You will be responsible for managing and improving the Governance, Risk, and Compliance frameworks within the company, ensuring we meet internal policies, external regulatory requirements, and industry standards.
Key Responsibilities:
Governance & Policy Management:
o Develop, implement, and maintain cybersecurity governance frameworks and policies to ensure compliance with industry standards (e.g., NIST, ISO 27001, GDPR, HIPAA).
o Collaborate with business units to define and align cybersecurity governance and risk management strategies with organizational goals.
o Drive the creation and implementation of cybersecurity policies, standards, and guidelines.
Risk Management:
o Perform regular risk assessments to identify vulnerabilities and gaps in the current security posture.
o Develop and manage the enterprise-wide risk management strategy.
o Lead risk mitigation efforts and ensure proper documentation of risk treatments, controls, and residual risks.
o Collaborate with IT, operations, and other teams to implement appropriate security controls to mitigate risks.
Compliance & Regulatory Reporting:
o Ensure the organization complies with relevant cybersecurity laws, regulations, and industry standards.
o Maintain an understanding of applicable regulations and standards (e.g., SOC 2, PCI DSS, GDPR) and ensure alignment with cybersecurity strategies and practices.
o Support external audits and compliance assessments, including preparing required documentation and reporting.
o Track and report on compliance metrics, identifying areas for improvement.
Continuous Improvement & Incident Management:
o Drive continuous improvement of the GRC program by evaluating and recommending enhancements.
o Assist with the identification and management of cybersecurity incidents, ensuring alignment with incident response policies and procedures.
o Work closely with other teams (e.g., security operations, legal, IT) to ensure timely resolution of compliance-related issues or incidents.
Training & Awareness:
o Provide ongoing education and awareness programs to staff on cybersecurity risks, policies, and best practices.
o Act as a subject matter expert (SME) for governance, risk management, and compliance inquiries across the organization.
Reporting & Documentation:
o Develop and deliver regular reports to senior management and stakeholders on GRC-related performance, issues, and progress.
o Maintain clear, organized documentation of GRC processes, decisions, and activities.
Skills and Qualifications:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• Proven experience in a Cybersecurity GRC Engineer role or similar position.
• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
• Experience with risk management practices, tools, and methodologies.
• Hands-on experience with GRC platforms and tools (e.g., RSA Archer, MetricStream, ServiceNow).
• In-depth knowledge of data privacy laws and regulations (GDPR, CCPA, HIPAA, etc.).
• Familiarity with regulatory compliance and audit processes.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent written and verbal communication skills, with the ability to present complex topics to both technical and non-technical stakeholders.
• Strong attention to detail and ability to manage multiple projects simultaneously.
Preferred Qualifications:
• Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control).
• Experience with cloud security compliance (e.g., AWS, Azure, Google Cloud).
• Knowledge of automated compliance monitoring tools.