GRC Engineer - Risk and Assurance - Remote

Overview

As our GRC Engineer in Risk and Assurance at OnePay, you will support the Security team with a focus on third-party risk management (TPRM), while also contributing to vulnerability and patch management, reviewing cloud security findings, data governance and privacy, and audit support.

In Short

• Drive and support the third-party risk management (TPRM) process
• Collaborate on vendor assessments and contract reviews tied to business deals
• Assist with vulnerability and patch management operations and process implementation
• Support the review of cloud security findings and remediation workflows
• Assist in the implementation of new systems and applications from a security perspective
• Help build the data governance and privacy program in conjunction with legal and business stakeholders
• Contribute to security compliance activities and internal & external audits

Requirements

• 6+ years of experience in security governance, cloud and application security assessments, risk management, and/or third party risk.
• Strong knowledge of various industry standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, HiTrust, etc.
• Thorough knowledge of enterprise-scale security architecture, cloud security, and application security best practices.
• Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance.
• Familiarity with containerization technologies (e.g., Docker, Kubernetes) and CI/CD pipelines.
• Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical audiences.
• Strong analytical and problem-solving skills with the ability to work independently and as part of a team.
• Relevant certifications such as AWS Certified Security Specialty, Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.

Benefits

• Competitive cash
• Benefits effective on day one
• Early access to a high potential, high growth fintech
• Generous stock option packages in an early-stage startup
• Remote friendly (anywhere in the US) and office friendly - you pick the schedule
• Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave
• 401(k) plan with match