Senior Information Security Engineer

A company is looking for a Senior Information Security Engineer focused on Governance, Risk, and Compliance (GRC).

Key Responsibilities

Baseline control library and implement evidence collection pipelines for security controls

Lead SOC 2 Type II audit cycle and roll out vendor risk management workflows

Drive PCI DSS certification readiness and establish KPIs / KRIs for control effectiveness

Required Qualifications

5+ years in GRC, security engineering, or risk management within SaaS or fintech environments

Experience with SOC 2 Type II and ISO 27001, including evidence automation

Understanding of cloud security controls across AWS and modern CI / CD

Knowledge of secure SDLC, vulnerability management, and third-party risk

Experience with privacy programs, PCI readiness, or financial services regulations is a plus