Your Career

The Principal Governance, Risk & Compliance (GRC) Engineer will report directly to the Director of GRC. In this pivotal role, you will serve as a senior individual contributor and subject matter expert within the InfoSec domain. Your primary focus will be on engineering and executing strategic and operational initiatives—particularly advancing third-party risk management, strengthening customer trust programs, and developing technical policies, procedures, standards, and guidelines that reinforce the organization’s security posture. You will influence technology-selection decisions, contribute to long-term strategic roadmaps, and collaborate cross-functionally to ensure measurable and scalable security outcomes.

Your Impact

Engineer and implement the organization’s Governance, Risk, and Compliance (GRC) framework, with a focus on third-party risk management, customer trust, and the development of technical policies and standards across application, endpoint, and infrastructure security domains.

Scale vendor risk and technical integration assessments using automation and AI to execute the full third-party risk management lifecycle: perform vendor onboarding assessments, validate technical controls, analyze evidence, prioritize remediation efforts, and confirm mitigation prior to operational deployment.

Automate control evidence collection using automation and AI to lead the technical execution of customer trust initiatives, including supporting customer audits, completing complex security questionnaires, maintaining standardized Information Security documentation, and recommending remediation strategies for audit findings.

Define, operationalize, and monitor key risk and compliance indicators (KRIs/KPIs) to measure vendor security posture, customer assurance effectiveness, and policy adherence, leveraging automation and data insights to drive accountability.

Provide actionable security intelligence on vendor and customer-facing risks to ensure remediation SLAs are met, control deficiencies are reduced, and enterprise trust commitments are demonstrably fulfilled.

Collaborate with Legal, Procurement, Product, and Security stakeholders to embed TPRM and Customer Trust requirements into contracts, SLAs, and strategic initiatives such as new partnerships and product integrations.

Act as a trusted technical thought leader, developing standards, publishing guidance, and presenting third-party risk and customer trust metrics to senior management and technical peers.

Advise executive leadership with deep technical insights into vendor security risks, audit outcomes, and policy treatment options, enabling defensible, scalable, and business-aligned decisions.

Contribute engineering expertise to broader GRC and InfoSec programs as needed.