Job Summary
The company is seeking a GRC Engineer to build and formalize its Governance, Risk, and Compliance. This role will be responsible for designing security policies, managing risk assessments, driving compliance initiatives (ISO 27001, SOC 2 Type II), and strengthening privacy and physical security processes. The engineer will work closely with technical and business teams to ensure security requirements are embedded across all operations.
Key Responsibilities
Risk Assessment & Management
- Develop metrics and dashboards for continuous monitoring of security risks.
- Collaborate with engineering, product, and business units to ensure risks are understood, prioritized, and addressed.
- Maintain the company’s risk register and ensure timely remediation and risk treatment planning.
- Lead periodic information security risk assessments across systems, infrastructure, and business processes.
Security Awareness & Training
- Work with HR to integrate security training into onboarding and staff development.
- Evaluate training effectiveness and recommend improvements to strengthen security culture.
- Design and deliver security awareness programs, including phishing simulations, annual training, and role-based education.
Security Policy & Procedure Development
- Support the rollout and enforcement of policies across teams and business units.
- Develop, maintain, and improve security policies, standards, and procedures across all departments.
- Ensure policies align with industry frameworks (NIST, ISO 27001) and regulatory requirements.
Physical Security
- Conduct risk assessments related to access control, surveillance, and asset protection.
- Collaborate with facilities and operations teams to assess physical security across stores, warehouses, and offices.
- Develop physical security guidelines and coordinate periodic audits.
Data Protection & Privacy
- Collaborate with legal and IT teams to support compliance with privacy regulations.
- Participate in incident management related to data breaches and privacy risks.
- Support the implementation and operation of data protection and privacy programs.
- Assist in identifying and managing personal data risks, data flows, and data handling procedures.
Certification & Compliance (ISO 27001, SOC 2 Type II)
- Contribute to the preparation, implementation, and maintenance of certification projects (e.g., ISO 27001, SOC 2 Type II).