Job Summary
The company is seeking a GRC Engineer to build and formalize its Governance, Risk, and Compliance (GRC) program. This role will be responsible for designing security policies, managing risk assessments, driving compliance initiatives (ISO 27001, SOC 2 Type II), and strengthening privacy and physical security processes. The engineer will work closely with technical and business teams to ensure security requirements are embedded across all operations.
Key Responsibilities
Risk Assessment & Management
- Collaborate with engineering, product, and business units to ensure risks are understood, prioritized, and addressed.
- Maintain the company’s risk register and ensure timely remediation and risk treatment planning.
- Develop metrics and dashboards for continuous monitoring of security risks.
- Lead periodic information security risk assessments across systems, infrastructure, and business processes.
Security Awareness & Training
- Design and deliver security awareness programs, including phishing simulations, annual training, and role-based education.
- Work with HR to integrate security training into onboarding and staff development.
- Evaluate training effectiveness and recommend improvements to strengthen security culture.
Security Policy & Procedure Development
- Support the rollout and enforcement of policies across teams and business units.
- Ensure policies align with industry frameworks (NIST, ISO 27001) and regulatory requirements.
- Develop, maintain, and improve security policies, standards, and procedures across all departments.
Physical Security
- Collaborate with facilities and operations teams to assess physical security across stores, warehouses, and offices.
- Conduct risk assessments related to access control, surveillance, and asset protection.
- Develop physical security guidelines and coordinate periodic audits.
Data Protection & Privacy
- Participate in incident management related to data breaches and privacy risks.
- Support the implementation and operation of data protection and privacy programs.
- Collaborate with legal and IT teams to support compliance with privacy regulations.
- Assist in identifying and managing personal data risks, data flows, and data handling procedures.
Certification & Compliance (ISO 27001, SOC 2 Type II)
- Contribute to the preparation, implementation, and maintenance of certification projects (e.g., ISO 27001, SOC 2 Type II).