Senior GRC Security Engineer
4 days ago
Job Purpose:
As a Senior Security GRC Engineer at Instabug, you will be responsible for leading and optimizing the organization’s Security Governance, Risk, and Compliance (GRC) program. This role encompasses conducting risk assessments, developing and implementing risk mitigation strategies, and managing remediation plans. You will oversee threat modeling, internal audits, vulnerability assessments, and compliance initiatives related to SOC 2 Type II, ISO 27001, and PCI-DSS standards. Additionally, you will manage governance processes for change, asset, and configuration management to ensure robust security and compliance practices. Serving as a critical interface, you will respond to customer inquiries and third-party risk management (TPRM) audits, including addressing questionnaires and surveys. You will also design and deliver security awareness programs and conduct security training for internal stakeholders. The role extends to assessing the security posture of Instabug’s vendors and ensuring alignment with the company’s security standards.
Job Responsibilities:
- Risk Management:
- Conduct comprehensive risk assessments and develop actionable risk mitigation strategies.
- Monitor and follow up on remediation plans to address identified vulnerabilities and risks.
- Perform threat modeling to identify potential security weaknesses and improve system design.
- Compliance and Governance:
- Lead and execute internal audits to ensure adherence to SOC 2 Type II, ISO 27001, and PCI-DSS compliance standards.
- Oversee governance processes for change, asset, and configuration management to align with security best practices.
- Administer and maintain the organization’s compliance with applicable regulatory and industry standards.
- Vulnerability Management:
- Conduct vulnerability assessments and oversee the vulnerability management lifecycle.
- Customer and Third-Party Engagement:
- Respond to third-party risk management (TPRM) surveys, questionnaires, and audits.
- Collaborate and engage with customers to address security inquiries and ensure satisfaction with Instabug’s security posture.
- Training and Awareness:
- Develop and deliver security awareness programs, training materials, and workshops for internal stakeholders.
- Vendor Management:
- Perform TPRM assessments for Instabug's vendors and third-party providers to evaluate and enhance their security posture.
- Evaluate and assess the security posture of vendors and third-party providers through TPRM assessments.
- Collaborate with cross-functional teams to promote a security-first culture across the organization.
- Work with agile practices in an agile environment, with customer-focused acumen.
Job Requirements:
- A minimum of 5-8 years of professional experience in Security GRC, including hands-on experience in risk assessments, vulnerability management, and compliance initiatives.
- Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, or PCI-DSS QSA are highly preferred.
- Proficient in conducting risk assessments, threat modeling, and internal auditing.
- Strong understanding of SOC 2 Type II, ISO 27001, and PCI-DSS standards and audit processes.
- Experience in vulnerability assessment tools and techniques.
- Experience with and extensive knowledge of security standards such as NIST, ISO, and COBIT.
- Experience and knowledge of privacy program principles are a plus.
- Excellent communication and interpersonal skills for customer engagement and cross-team collaboration.
- Strong analytical and problem-solving abilities.
- Fluent in English, with strong written and verbal communication skills.
Bonus:
- Proven ability to develop and deliver engaging security awareness programs.
- Experience in TPRM processes, including vendor assessments.
- Working experience with the Atlassian tool suite (e.g., Jira Agile) or similar.
- Excellent experience in Agile Development methodology.
- Knowledge of cloud computing and cloud security principles is a plus.