At Spire, we are at the forefront of cutting-edge technology, where innovation meets security. We're looking for a Governance, Risk, and Compliance (GRC) Engineer to join our dynamic team and shape the future of security and compliance in our ambitious projects. The ideal candidate will have in-depth knowledge of the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), ISO 27001, and NIST SP 800-171. You will play a crucial role in ensuring our compliance with these regulations and standards, supporting our commitment to operating securely and responsibly in the global market.
Key Responsibilities:
- Conduct thorough assessments and audits to ensure continued compliance with EAR/ITAR, ISO 27001, NIST 800-171, and any additional future security frameworks or contractual security requirements.
- Operate Spire’s Information Security Management System by outlining projects, executing workflows, and coordinating tasks with other teams as needed.
- Design, implement, and manage GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including development of automation tools and automating auditing tasks.
- Develop and implement GRC and cybersecurity strategies and policies in line with regulatory and certification requirements.
- Provide guidance and training to staff on compliance matters related to export controls and security standards.
- Collaborate with cross-functional teams to address compliance issues and develop corrective action plans.
- Work with Spire’s Legal department to incorporate new legislative requirements into existing policies and procedures.
- Monitor applicable cybersecurity regulations for changes and incorporate new requirements into existing policies and procedures.
- Generate new documentation and maintain existing documentation such as stakeholder analyses, scope statements, risk assessment and treatment procedures, performance monitoring and measurement plans, etc.
- Conduct risk assessments and develop risk mitigation strategies.
- Prepare and submit compliance reports to regulatory agencies and internal stakeholders, including NIST System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
- Participate in external and internal audits including gathering audit evidence both directly and indirectly through coordination with other teams.
Qualifications:
- Bachelor's degree in Information Security, Cyber Security, Computer Science, Computer Engineering, Software Development, or a related field, or equivalent experience in a relevant area.
- Minimum of 3-5 years of hands-on technical experience in an IT, engineering, GRC, or security role, preferably in the aerospace, satellite, or government sectors.
- In-depth knowledge of EAR, ITAR, ISO 27001, NIST 800-171, and NIST 800-53.
- Professional certifications such as CISSP, CISA, CRISC, or similar are highly desirable.
- Ability to automate security control, compliance, and configuration audits utilizing scripting languages such as bash, Python, Go, or similar.
- Experience implementing and managing GRC tools and technologies, such as GRC platforms, SIEM solutions, and vulnerability management systems.
- Experience reviewing risk analyses, drafting corrective action plans, and driving the risk treatment process.
- Relevant experience working and communicating with internal and external systems and process auditors.
- In-depth knowledge of security framework controls as they apply to public cloud (AWS preferred), hybrid, self-hosted, and SaaS environments.
- Ability to transform and communicate organizational compliance requirements into internal engineering requirements for various teams including engineering and security.
- Ability to partner with colleagues, independently manage and run complex projects, and prioritize efforts for risk reduction.
- Excellent analytical and problem-solving skills.
- Ability to develop clear and concise written content.
- Excellent project and task management skills, preferably using Jira.
- Strong communication and interpersonal abilities.
- Ability to work independently and as part of a team.
Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in office.