Frontdoor is reimagining how homeowners maintain and repair their homes. As an L5 Sr Security Engineer in IT GRC, you will lead complex security, risk, and compliance initiatives while serving as a subject-matter expert across multiple security domains.
Responsibilities:
- Design governance artifacts (policies, standards, control catalogs)
- Perform advanced risk analysis and core digital process gap assessments
- Drive complex risk remediation across the enterprise
- Implement and enhance security controls across complex systems in a cloud environment
- Lead large-scale audits or readiness assessments (SOX, PCI-DSS, SOC 2)
- Serve as SME across multiple domains:
  - Cloud Security and Governance
  - Security by Design and SDLC
  - Third Party Risk Management
  - Vulnerability Management
  - Identity and Access Management
- Collaborate closely with engineering to implement secure coding practices and CI/CD controls
- Lead complex risk assessments, risk remediations, and vendor risk reviews
- Provide SME guidance in security architecture and change review forums
- Define KPIs, capabilities, and competencies for GRC maturity across the organization
- Coach team in bridging gaps between key stakeholders within the enterprise and GRC disciplines
Requirements:
- 8–10+ years in GRC, cybersecurity, audit, or risk management
- Minimum of one professional certification (CISA, CRISC, CISSP, CGRC, CDPSE, CISM)
- Strategic thinker with leadership presence
- Executive level communication and strategic influence
- Strong experience leading PCI-DSS and SOX compliance efforts
- Deep understanding of cloud platforms, networking, application, database, and operating systems to assess security gaps
- Familiarity with GRC software to manage, document, and report on compliance metrics
- Ability to proactively identify emerging risks
- Ability to operate independently with sound judgment
- Ability to translate complex technical vulnerabilities and control deficiencies into actionable business risk remediation plans for stakeholders
- Ability to champion GRC program improvements
- Create repeatable automation patterns that other teams leverage
- Build automation scripts & integrations
- Create detection & VM pipeline enhancements
- Develop future‑state models for risk, governance, and control effectiveness
- Advise leadership on risk posture, emergent threats, and governance