Security GRC Engineer

Risk Management

• Conduct security reviews of vendors and external partners, including questionnaire assessments, evidence validation, and control evaluation
• Analyze SOC 1 and SOC 2 reports, penetration testing documentation, and related security materials
• Identify gaps in security controls, clearly outlining associated risks, potential impacts, and remediation strategies
• Assist with vendor onboarding, contract renewals, and risk exception handling
• Partner with procurement, legal, and business units to embed security and privacy standards throughout the vendor lifecycle

Stakeholder & Client Engagement

• Prepare detailed, well-structured responses to client questionnaires, RFPs, and due diligence inquiries
• Translate technical security concepts into clear, accessible language for non-technical audiences
• Work cross-functionally to maintain consistent and accurate security messaging

Security Engineering & Operations

• Provide advanced support for security-related technical issues requiring deeper analysis or architectural insight
• Support the assessment and optimization of security controls across identity, cloud, endpoint, and email environments
• Participate in incident response efforts, including investigation, impact assessment, and post-incident reviews

Platforms and Tools

• Microsoft Azure and Entra ID (Azure AD)
• Identity protection, conditional access, and access governance tools
• Microsoft Intune for endpoint management
• Microsoft Defender suite (Endpoint, Cloud, and Cloud Apps)
• Microsoft Purview for data governance and protection
• Proofpoint email security solutions
• Zscaler for zero trust and secure internet access
• Digital risk monitoring and brand protection tools

Risk Documentation

• Document findings from risk assessments and track remediation progress
• Contribute to the development and maintenance of security policies, standards, and procedures
• Support continuous improvement initiatives across third-party risk management and cloud security

Qualifications

• Bachelor's degree required
• 2 years of experience working with Microsoft security technologies (Azure, Entra ID, Defender, Intune, Purview), or 5+ years with comparable platforms
• Experience conducting third-party risk assessments and completing security questionnaires
• Strong communication skills, both written and verbal, with the ability to engage technical and non-technical audiences
• Solid understanding of cloud, identity, and endpoint security principles
• Ability to evaluate technical configurations and translate them into meaningful risk insights
• Strong organizational skills and ability to manage competing priorities in a fast-paced environment
• Capable of working both independently and collaboratively

Preferred Qualifications

• Familiarity with security frameworks such as NIST CSF, ISO 27001, or SOC 2
• Background working in regulated industries or client-facing roles
• Relevant certifications such as CISSP, CCSP, AZ-500, SC-200, or SC-300