Senior Information Security Engineer

Job Summary

A company is looking for a Senior Information Security Engineer focused on Governance, Risk, and Compliance (GRC).

Key Responsibilities

• Baseline control library and implement evidence collection pipelines for security controls
• Lead SOC 2 Type II audit cycle and roll out vendor risk management workflows
• Drive PCI DSS certification readiness and establish KPIs/KRIs for control effectiveness

Required Qualifications

• 5+ years in GRC, security engineering, or risk management within SaaS or fintech environments
• Experience with SOC 2 Type II and ISO 27001, including evidence automation
• Understanding of cloud security controls across AWS and modern CI/CD
• Knowledge of secure SDLC, vulnerability management, and third-party risk
• Experience with privacy programs, PCI readiness, or financial services regulations is a plus