Senior Security Engineer, GRC

March 10

Apply Now

Receive Emails with Similar Jobs

Docker, Inc

WebsiteLinkedInAll Job Openings

At Docker, we simplify the lives of developers who are making world-changing apps. Docker helps developers bring their ideas to reality by conquering the complexity of app development. We simplify and accelerate workflows with an integrated development pipeline and application components. Actively used by millions of developers around the world, Docker Desktop and Docker Hub provide unmatched simplicity, agility and choice.

Containerization • Open Source • Containers • Virtualization • System Administration

51 - 200 employees

💰 $105M Series C on 2022-03

📋 Description

• Docker is a remote first company that simplifies the lives of developers who are making world-changing apps. • Looking for a Senior Security GRC Engineer who will lead the development, implementation and maintenance of comprehensive GRC strategies. • Automate control evidence gathering and continuous testing. • Mature the governance program by working alongside security engineering providing compliance and technical security control implementations across multiple software products. • Establish partnerships with internal/external auditors, regulators, business stakeholders develop security requirements and controls. • Optimize security compliance monitoring and alerting systems; aggregate compliance alerts and advise on system policy violations. • Perform critical data security reviews over newly released products and features. • Ensure controls are operating effectively via assessment and attestation. • Own the vulnerability management program to identify and provide guidance for improvements. • Use automated and manual processes to produce relevant KPIs about the Information security program. • Maintain corporate Information Security policies and departmental procedures and maps them to relevant control standards. • Operate periodic processes to comply with hiring, transfer, and termination protocols and conduct regular access reviews. • Build and maintain company awareness and education progress. • Build and operate the company platform to document, measure, and report assessments, risks, controls findings, and remediation activity. • Draft policies and best practices that will be consumed by the entire organization. • Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, and 27701. • Evaluate vendors against compliance and security standards.

🎯 Requirements

• Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance • Will have familiarity setting up APIs and Webhooks, at least one scripting language, and at least one public cloud architecture and control tool • Experience conducting security compliance reviews and audits for SaaS products and hosted environments including AWS and Azure. • Have strong knowledge of information security risk management and information security technologies (e.g: SIEM, vulnerability management, data loss prevention and /or endpoint protection) • Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges • Strong project management skills with the ability to lead and execute security assessment projects, vendor evaluations and initiatives on time with multiple stakeholders • Enjoy fostering collaboration and cross-functional partnerships to help spread awareness and • Build and implementation of cybersecurity controls • Have experience in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, 27701 and 27018 • Experience with the entire controls monitoring lifecycle, including identifying, assessing, monitoring, and remediating controls. • Excellent verbal and written communication skills with the ability to document, communicate, and report security assessments • Serve as the subject matter expert and provide technical leadership and feedback for compliance / GRC projects • Appropriately handling and managing confidential information including proprietary and trade secret information • Stay up-to-date with changes in regulations, standards, and emerging regulatory requirements and ensure compliance • Nice to Have: Relevant industry certifications such as CISSP, CISA, CRISC

🏖️ Benefits

• Freedom & flexibility; fit your work around your life • Home office setup; we want you comfortable while you work • 16 weeks of paid Parental leave • Technology stipend equivalent to $100 net/month • PTO plan that encourages you to take time to do the things you enjoy • Quarterly, company-wide hackathons • Training stipend for conferences, courses and classes • Equity; we are a growing start-up and want all employees to have a share in the success of the company • Docker Swag • Medical benefits, retirement and holidays vary by country