IT Security Governance, Risk, and Compliance (GRC) Engineer
Broomfield, CO, US, 80021
Overview
The Information Security Governance, Risk, and Compliance (GRC) Engineer plays an instrumental role in fulfilling Crocs, Inc.’s GRC strategies and processes. As a key member of the global GRC team, this engineer works directly with other stakeholders such as Legal, Risk, Internal Audit, etc. to ensure the alignment of the company's IT and Enterprise risk management framework with its business objectives and regulatory requirements.
The GRC Engineer possesses a combination of technical expertise, backgrounds in GRC and applicable frameworks, and situational awareness of global regulatory needs, to identify, track, and address potential risks, while proactively enhancing the company's overall GRC posture.
What You'll Do
Third Party Risk Management (TPRM)
- Build and maintain the chosen GRC platform to programmatically capture Cyber/IT risks, enabling timely analysis for risk control and reporting.
- Drive automation of TPRM processes including self-service questionnaires, evidence uploads, results evaluations, workflow facilitation, and other internal requirements through collaboration with key department stakeholders.
- Implement processes to automate and continuously monitor information security controls, exceptions, risks, and testing, and establish metrics, dashboards, and evidence artifacts.
Policy and Procedure Management
- Construct, maintain, and supervise implementation of Cybersecurity GRC Policies and Processes, including communications and training, to ensure compliance with applicable laws, regulations, and industry-standard frameworks.
- Collaborate with partners from other core organizations (e.g., Legal, Audit) to ensure Cybersecurity and GRC components are accounted for in collaborative enterprise-wide policies and processes.
- Define and document security process responsibilities and ownership of the tools' controls, schedule regular assessments and testing for effectiveness and efficiency of controls, and generate reports.
Audit and Compliance Management
- Coordinate with internal and external auditors to facilitate audits, ensuring IT and Enterprise compliance, and address potential issues proactively by working with stakeholders and Subject Matter Experts (SMEs) on deficiency remediation of audit or internal control findings.
- Guide IT and other Enterprise organizations to successfully achieve required compliance.
- Act as a point of contact for IT SOX Audit, working with the internal audit team and external auditors.
- Conduct user access reviews, certifications, and audits to ensure compliance with regulatory requirements and industry best practices.
- Maintain the chosen GRC platform for managing, tracking, and reporting on Audit and Compliance findings.
Risk Management
- Maintain the Cybersecurity Risk Register and collaborate with other Risk stakeholders throughout the enterprise for inclusion in overall risk reporting and continuous monitoring.
- Work with business owners of known risks for remediation or compensating controls for policy adherence.
- Facilitate documentation and approval process for Risk Acceptance, in accordance with Cybersecurity policy and applicable frameworks.
What You'll Bring to the Table
- Bachelor’s degree or equivalent experience in Information Technology or related field.
- 4+ years of confirmed experience in cybersecurity as a practitioner, with 2+ years in a GRC role.
- Experience working with other compliance driven teams such as Legal and Audit. An IT infrastructure background is a plus.
- Situational awareness of relevant laws and regulations and other applicable frameworks.
- Strong Risk Management skills to identify, analyze, and effectively mitigate or manage enterprise risks, with knowledge of risk management frameworks and methodologies.
- Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders.
- Proficiency in analyzing complex data, interpreting compliance requirements, and crafting effective solutions.
- Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve GRC objectives.
- Knowledge of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
- A dedication to continuous learning; a commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.
The Company is an Equal Opportunity Employer committed to a diverse and inclusive work environment. We accept applications on an ongoing basis.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability, or any other classification protected by law.
Title: IT Security Governance, Risk, and Compliance (GRC) Engineer
Salary or Pay Range: $105,000 - $115,000
Workplace Persona: Connector
Pay offered will vary based on job-related factors such as location, experience, training, skills, and abilities.
This position is eligible to participate in a company incentive program.
This position is eligible for company benefits including but not limited to medical, dental, and vision coverage, life and AD&D, short and long-term disability coverage, paid time off, employee assistance, participation in a 401k program that includes company match, and many other additional voluntary benefits.
Job Category: Corporate
Nearest Major Market: Denver