Emergy - GRC Architect - CISM/CISSP

Emergys Software Private Limited Innovation for Ag
10 - 12 Years
Anywhere in India/Multiple Locations

Posted on: 08/04/2026

Job Description

Job Summary :

We are looking for a highly skilled GRC Architect Engineer to design, implement, and scale enterprise-wide Governance, Risk, and Compliance frameworks.

This role requires deep expertise in security architecture, regulatory compliance, and risk management to build robust, scalable, and automated GRC solutions aligned with business objectives.

Key Responsibilities :

- Architect and design enterprise GRC frameworks aligned with business and security strategies

- Define and implement risk management methodologies, control frameworks, and compliance structures

- Lead the integration of GRC processes with enterprise architecture, IT systems, and security controls

- Drive automation of GRC processes using industry tools and platforms

- Map regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, PCI-DSS, etc.) to technical and business controls

- Design and implement control testing, monitoring, and continuous compliance mechanisms

- Lead enterprise risk assessments, threat modeling, and risk quantification initiatives

- Develop and maintain policies, standards, and architectural guidelines for GRC

- Oversee third-party/vendor risk architecture and due diligence frameworks

- Collaborate with Security, IT, Engineering, Legal, and Audit teams to ensure end-to-end compliance

- Provide architectural guidance for cloud security compliance (AWS, Azure, GCP environments)

- Define KPIs/KRIs and build dashboards for real-time compliance and risk monitoring

- Support internal and external audits by ensuring systems and controls are audit-ready

- Stay updated with evolving regulatory requirements and incorporate them into architecture

Required Skills & Qualifications

- 10-12 years of experience in GRC, Information Security, or Security Architecture

- Strong expertise in frameworks such as ISO 27001, NIST CSF, COBIT, SOC 2

- Hands-on experience in designing and implementing enterprise GRC programs

- Deep understanding of risk assessment methodologies and control frameworks

- Experience with GRC tools such as RSA Archer, ServiceNow GRC, OneTrust, or similar

- Strong knowledge of cloud compliance and security (AWS, Azure, GCP)

- Experience in integrating GRC with DevSecOps and enterprise architecture

- Excellent stakeholder management and cross-functional collaboration skills

- Strong analytical, documentation, and problem-solving abilities

Preferred Qualifications :

- Certifications such as CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor

- Experience in large-scale enterprise or consulting environments

- Exposure to automation, scripting, or data analytics for GRC reporting

- Knowledge of privacy frameworks and data protection regulations

- Experience in building risk quantification models (FAIR or similar)

Key Competencies :

- Strategic and architectural thinking

- Leadership and mentoring capabilities

- Risk-based decision making

- Strong communication and influencing skills

- Attention to detail with a governance mindset

