Logo for Ouro

GRC Engineer

Ouro

Key Facts

Remote From: 
Texas (USA)
Full time
Senior (5-10 years)
English

Other Skills

  • Collaboration
  • Communication
  • Problem Solving

Roles & Responsibilities

  • 5+ years of experience in GRC, security engineering, architecture review, or related technical security roles
  • Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls
  • Deep familiarity with security frameworks such as NIST CSF, ISO 27001/27002/27017/27018/42001, PCI-DSS, CIS, SOC 2 Trust Principles, and MITRE ATT&CK
  • Proven ability to conduct comprehensive technical risk assessments and translate risk into actionable controls across cloud and application environments

Requirements:

  • Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems; validate logging, access controls, encryption configurations, and identity/security controls against NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies
  • Contribute to the development and maintenance of security policies, technical standards, and architecture principles; translate compliance requirements into technical control specifications; support audits with evidence and narratives
  • Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles; improve risk assessment methodologies and tooling, including automation; provide GRC insights for threat modeling and third-party due diligence
  • Review product, application, and cloud architectures for security control gaps and design risks; evaluate data flows and deployment patterns to ensure alignment with security best practices; participate in security design reviews for new technologies

Job description

About the Company:

Ouro is a global, vertically-integrated financial services and technology company dedicated to the delivery of innovative financial empowerment solutions to consumers worldwide. Ouro’s financial products and services span prepaid, debit, cross-border payments, and loyalty solutions for consumers and enterprise partners.

Ouro's flagship product Netspend provides prepaid and debit account solutions that connect customers with secure, convenient access to global payment networks so they can manage their money and make everyday purchases. With a nationwide U.S. retail network, customers can purchase and reload Netspend products at 130,000 reload points and over 100,000 distributing locations.

Since Ouro's founding in 1999 by industry pioneers, Ouro products have processed billions of dollars in transaction volume and served millions of customers worldwide. The company is headquartered in Austin, Texas with employees worldwide.

Job Description: We are looking for a highly technical Governance, Risk, and Compliance (GRC) Engineer to strengthen our GRC function. This individual contributor role bridges traditional GRC responsibilities with hands-on technical expertise, ensuring that risk assessments, architecture reviews, and control validations are grounded in real-world engineering practices.

The ideal candidate has significant experience in cloud and application architectures, strong knowledge of security controls and frameworks, and the ability to translate business requirements into actionable risk mitigation strategies. This role partners closely with Product Engineering, Cloud/Infrastructure, Security Engineering, and Audit/Compliance teams.

Key Responsibilities

Risk Assessments & Control Validation

  • Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems.

  • Assess control effectiveness against frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies.

  • Develop and maintain detailed risk registers and mitigation plans.

  • Validate logging coverage, access controls, encryption configurations, and identity/security controls across cloud and infrastructure environments.

Policy, Standards & Compliance Engineering

  • Contribute to the development and maintenance of security policies, technical standards, and architecture principles.

  • Translate compliance requirements into technical control specifications.

  • Support engineering teams in interpreting and implementing controls correctly.

  • Collaborate with internal audit and external auditors to provide evidence and narrative explanations for control effectiveness.

Security Program Enablement

  • Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles.

  • Improve risk assessment methodologies and tooling, including automation where possible.

  • Provide GRC insights into threat modeling, vendor security reviews, and third-party due diligence.

  • Support continuous improvement initiatives across governance, compliance, and risk processes.

Technical Architecture Governance

  • Review product, application, and cloud infrastructure architectures for security control gaps, misconfigurations, and design risks.

  • Evaluate engineering design documents, data flow diagrams, and deployment patterns to ensure alignment with security best practices (e.g., zero trust, least privilege, secure SDLC).

  • Provide actionable recommendations to engineering teams to address identified risks.

  • Participate in security design reviews for new and evolving technologies

Requirements

  • 5+ years of experience in GRC, security engineering, architecture review, or related technical security roles.

  • Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls.

  • Hands-on experience reviewing architecture diagrams, data flows, and engineering design patterns.

  • Deep familiarity with security frameworks: NIST CSF, ISO 27001/27002//27017/27018/42001, PCI-DSS, CIS, SOC 2 Trust Principles, and MITRE ATLAS/ATT&CK.

  • Proven ability to conduct comprehensive technical risk assessments.

  • AI/ML architecture/governance over MCP, RAG, and agentic workflows

  • API integration and orchestration

  • Coding and scripting capabilities using Python, SQL, Go, and Powershell

  • Understanding of CI/CD pipelines, container orchestration (Kubernetes), IAM, network security, and logging pipelines.

  • Excellent communication skills and ability to translate complex technical risks to business stakeholders.

Preferred Qualifications

  • Certifications such as CISM, CRISC, CISSP, CCSP, AWS Security Specialty, or similar.

  • Experience with threat modeling methodologies.

  • Familiarity with security-as-code and risk automation tooling.

  • Previous work in a high-scale fintech, SaaS, or regulated environment
Ready to apply?
APPLY
·

Related jobs

Texas (USA)

We help you get seen. Not ignored.

We help you get seen faster — by the right people.

🚀

Auto-Apply

We apply for you — automatically and instantly.

Save time, skip forms, and stay on top of every opportunity. Because you can't get seen if you're not in the race.

AI Match Feedback

Know your real match before you apply.

Get a detailed AI assessment of your profile against each job posting. Because getting seen starts with passing the filters.

Upgrade to Premium. Apply smarter and get noticed.

Upgrade to Premium

Join thousands of professionals who got noticed and hired faster.