Senior Security Engineer, GRC (Governance, Risk and Compliance)

As members of 6sense’s Security department, the Governance, Risk and Compliance (GRC) team aligns Security with business objectives while managing risks and meeting industry standards, regulations, and contractual obligations. GRC enforces governance, implements risk management strategies, and ensures compliance through operating as the second line of defense.

Responsibilities & Accountabilities

• All responsibilities of GRC Security Engineer III, and;

• Execute on milestones for end-to-end GRC initiatives in accordance with the Security roadmap

• Lead internal and external audit engagements

• Oversee and execute complex control tests, third-party and operational security risk assessments, and communicate results across multiple audiences with varying levels of sensitivity

• Develop issue and risk treatment plans with owners and test remediation for closure

• Design high-quality test plans and improve security control test activities through peer reviews that provide feedback and guidance to other GRC Engineers

• Provide GRC technology administration to include user training

• Mature security governance, training, and awareness programs

• Improve GRC handbook pages, procedures, and playbooks and maintain security program controlled documents

• Design GRC control automation and implement security GRC-related automation tasks

• Execute on quarterly individual Key Results that support team Objectives (OKRs)

Performance Measurement

• Maintains up-to-date knowledge of 6sense’s product, environment, systems, and architecture

• Actively prepares for weekly 1:1s with Manager and monthly skip levels

• Drives remediation of security risks and threats

• Adheres to strict deadlines and SLAs

• Participates in creation of milestones associated with major security projects

• Executes on milestones associated with major security projects

• Develops and maintains up-to-date handbook pages, runbooks, workflows, and dashboards

• Provides project status updates on a weekly basis

• Administers GRC technology

Educational and Experience Requirements

• 5+ years of experience being part of a GRC or similar team

• 1+ years of experience developing automation

• Experience with security tools and cloud environments (e.g., GRC, Vulnerability Scanners, SIEM, SOAR, AWS)

• Experience with industry frameworks, regulations, and standards, such as: ISO 27001, SOC 2, GDPR, PCI, SOX, NIST, etc.

Preferred Qualifications

• Big 4 (KPMG, Deloitte, PwC, EY) or similar experience

• Bachelor's degree in a related field

• Relevant industry certifications, such as CISSP, CISM, or GIAC, are highly desirable

Competencies and Behaviors

• Evangelizes security best practices

• Works independently to maintain and improve overall company security posture

• Collaborates with cross-functional teams

• Translates technical requirements into actionable and timebound requests

• Drives projects and tasks to completion by following up on questions, deadlines, and requests for input

• Maintains accuracy of information

• Proactive prioritization and escalation to management

• Strong communication skills, including verbal, written, and presentation skills