GoDaddy is empowering everyday entrepreneurs around the world by providing the help and tools to succeed online. The Principal Security Engineer in the InfoSec GRC team will lead the development of a unified security controls framework, manage compliance audits, and collaborate with various teams to address security risks and improve audit readiness.
Responsibilities:
- Support a team of GRC compliance specialists in building and managing a unified security controls framework that satisfies regulatory and industry compliance requirements
- Perform targeted gap assessments across business units to support new regulatory frameworks
- Partner with engineering, product, legal, and other security teams to identify control gaps, evaluate compensating controls, and reduce risk
- Support internal and external audits across frameworks such as PCI DSS, SOC 2, ISO 27001, and other applicable regulations
- Develop reporting and present security risks, audit status, and remediation priorities to senior leadership, including the Chief Information Security Officer
- Drive scalable risk-based processes for exception management, risk acceptance workflows, and broader governance initiatives
- Remove roadblocks for the team, and provide training and mentoring both within the team and across the larger information security organization
Requirements:
- 10+ years of professional experience in information security, information technology, information technology audit, or related fields
- 6+ years of professional experience managing information security programs, audits, or formal assessment activities
- Experience building unified security controls frameworks across multiple compliance and regulatory standards
- Experience managing or performing audits using frameworks such as PCI DSS, NIST Cybersecurity Framework, NIST SP 800-53, ISO 27001, and SOC 2
- Experience assessing cloud environments such as AWS and applying core security engineering concepts such as threat modeling, architecture reviews, access management, and encryption
- Experience presenting audit results, risk posture, and remediation priorities to executive stakeholders
- Experience in automating, scripting, or designing automated compliance systems
- Certifications such as CISSP, CISA, CISM, CRISC, PCI QSA, or ISO Lead Assessor
- Experience working with Big Four audit firms and governance, risk, and compliance tools such as ServiceNow and Jira