Senior GRC Engineer

At Spire, we are at the forefront of cutting-edge technology, where innovation meets security. We're looking for a GRC Engineer to join our dynamic team, shaping the future of security and compliance in our ambitious projects. We are seeking a skilled Governance, Risk, and Compliance (GRC) Engineer to join our team. The ideal candidate will have in-depth knowledge of Export Administration Regulations (EAR), International Trafficking in Arms Regulations (ITAR), ISO 27001, and NIST 800-171. You will play a crucial role in ensuring our compliance with these regulations and standards, thus supporting our commitment to operating securely and responsibly in the global market. 

Key Responsibilities: 

• Conduct thorough assessments and audits to ensure continued compliance with EAR/ITAR, ISO 27001, NIST 800-171 and any additional future security frameworks or contractual security requirements.
• Operate Spire’s Information Security Management System by outlining projects, executing workflows, and coordinating tasks with other teams as needed.
• Design, implement, and manage GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including development of automation tools and automating auditing tasks.
• Develop and implement GRC and cybersecurity strategies and policies in line with regulatory and certification requirements.
• Provide guidance and training to staff on compliance matters related to export controls and security standards.
• Collaborate with cross-functional teams to address compliance issues and develop corrective action plans.
• Work with Spire’s Legal department to incorporate new legislative requirements into existing policies and procedures.
• Monitor applicable cybersecurity regulations for changes and incorporate new requirements into existing policies and procedures.
• Generate new documentation and maintain existing documentation such as stakeholder analyses, scope statements, risk assessment and treatment procedures, performance monitoring and measurement plans, etc.
• Conduct risk assessments and develop risk mitigation strategies.
• Prepare and submit compliance reports to regulatory agencies and internal stakeholders, including NIST SSPs and POAMs.
• Participate in external and internal audits including gathering audit evidence both directly and indirectly through coordination with other teams.   

Qualifications: 

• Bachelor's degree in Information Security, Cyber Security, Computer Science, Computer Engineering, Software Development, or a related field, or equivalent experience in a relevant area.
• Minimum of 3-5 years of hands-on technical experience in an IT, engineering, GRC, or security role, preferably in the aerospace, satellite, or Government industries.
• In-depth knowledge of EAR, ITAR, ISO 27001, NIST 800-171, and NIST 800-53.
• Professional certifications such as CISSP, CISA, CRISC, or similar are highly desirable.
• Ability to automate security control, compliance, and configuration audits utilizing scripting languages such as bash, Python, Go, or similar.
• Experience implementing and managing GRC tools and technologies, such as GRC platforms, SIEM solutions, and vulnerability management systems.
• Experience reviewing risk analyses, drafting corrective action plans, and driving the risk treatment process.
• Relevant experience working and communicating with internal and external systems and process auditors.
• In depth knowledge of security framework controls as they apply to public cloud (AWS preferred), hybrid, self-hosted, and SaaS environments.
• Ability to transform and communicate organizational compliance requirements into internal engineering requirements for various teams including engineering and security.
• Ability to partner with colleagues, independently manage and run complex projects, and prioritize efforts for risk reduction.
• Excellent analytical and problem-solving skills.
• Develop clear and concise written content.
• Excellent project and task management skills, preferably using Jira.
• Strong communication and interpersonal abilities.
• Ability to work independently and as part of a team. 

Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in office.

Access to US export controlled software and/or technology may be required. #LI-MI1

1