Senior Security Engineer – Governance, Risk & Compliance (GRC)

The Judge Group is seeking a Senior Security Engineer to lead and manage the Governance, Risk & Compliance (GRC) program within the Risk Management IPS team. This role is responsible for GRC strategy, risk assessments, security policy management, and ensuring compliance with applicable regulatory and industry standards.

Responsibilities:

• Own, manage, and mature the enterprise GRC program, including control mapping, risk assessments, and compliance tracking
• Perform formal risk assessments using defined methodologies and document findings and remediation plans
• Develop, review, and maintain security policies, standards, and standard work instructions (SWIs)
• Ensure ongoing compliance with regulatory and industry frameworks such as NERC, SOX, PCI DSS, TSA, and GDPR
• Implement, configure, and manage GRC platforms (e.g., ServiceNow GRC, SAP GRC)
• Translate technical security and compliance requirements into clear, actionable business language for leadership and stakeholders

Requirements:

• 5–10 years of experience in Security Governance, Risk, and Compliance (GRC)
• Strong expertise in GRC program management, policy lifecycle management, and risk management
• Hands-on experience with control mapping and compliance audits
• Knowledge of security frameworks such as NIST CSF and ISO-aligned controls
• Practical experience using GRC tools (ServiceNow GRC, SAP GRC, or similar)
• Excellent written and verbal communication skills, including technical documentation
• Experience in the utilities or energy sector
• Knowledge of Operational Technology (OT) and IT environments
• Experience building or maturing GRC programs from early or mid-stage maturity