GoDaddy is empowering everyday entrepreneurs around the world by providing the help and tools to succeed online. They are looking for a Principal Risk Engineer with security risk management experience to build and manage a Security Controls framework, perform gap assessments, and lead security initiatives across the organization.
Responsibilities:
- Build and manage a Security Controls framework that encompasses the regulatory and industry compliance frameworks we follow
- Perform targeted gap assessments to identify any deviations from the control framework
- Propose and manage enterprise-wide security campaigns for managing deviations to reduce risk
- Partner with other InfoSec teams and Engineering teams to define and prioritize security initiatives and investments guided by risk assessment principles
- Align risk management initiatives with applicable compliance regulations
Requirements:
- 10+ years of professional experience in Information Security or related fields such as Information Technology, IT Audit, etc.
- 6+ years of dynamic experience managing programs related to information security and information security audits
- Experience building unified security controls frameworks
- Experience managing audits applying compliance frameworks such as PCI DSS, NIST CSF, NIST 800-53, ISO, SOC-2, etc.
- Executive reporting on the status of security programs and campaigns
- Experience in Security Engineering concepts such as threat modeling and architecture reviews
- Experience with auditing cloud infrastructure such as AWS
- A bachelor's degree in computer science or related field
- Certifications like PCI ISA, CISA, CRISC, ISO Lead Assessor, CISSP, etc.
- Experience working at a Big 4 Audit firm(s)