Senior Network Security Engineer - GRC

S3 is a growing cybersecurity team within the energy sector, seeking an experienced Senior Network Security Engineer specializing in Governance, Risk & Compliance (GRC). The role involves driving security governance initiatives, managing risk, and ensuring compliance with industry regulations and frameworks.

Responsibilities:

• Lead and manage the security governance and policy lifecycle, including development, review, and maintenance of policies, standards, and standard work instructions (SWIs)
• Conduct risk assessments and support enterprise risk management initiatives
• Perform control mapping across multiple regulatory and security frameworks
• Ensure compliance with key regulatory requirements including:
• NERC
• PCI
• TSA
• SOX
• GDPR
• Align organizational controls with established security frameworks such as:
• NIST Cybersecurity Framework (CSF)
• ISO-based controls
• Collaborate cross-functionally with IT, security, and business teams to ensure compliance objectives are met
• Utilize GRC tools (e.g., ServiceNow, SAP GRC) to track, manage, and report on compliance and risk posture

Requirements:

• 5–10 years of experience in Security Governance, Risk & Compliance (GRC)
• Strong understanding of: Policy vs. standards vs. procedures/SWIs
• Risk management methodologies
• Regulatory compliance requirements
• Hands-on experience with GRC platforms such as ServiceNow or SAP GRC
• Proven ability to perform risk assessments and control mapping
• Familiarity with NIST CSF and ISO-aligned frameworks
• Excellent written and verbal communication skills
• Strong ability to develop technical policies and standards
• Ability to translate complex security concepts into clear business language
• Collaborative mindset with strong stakeholder engagement skills
• Experience in the utility, energy, or OT/IT environments
• Understanding of operational technology (OT) security principles