Spire
Senior GRC Engineer
Spire, San Francisco, California, United States, 94199
Spire
Spire designs, builds and operates the world’s largest multipurpose satellite constellation. With our proven history in space infrastructure, we provide you with unprecedented access and insights from the ultimate vantage point – space.At Spire, we are at the forefront of cutting-edge technology, where innovation meets security. We're looking for a GRC Engineer to join our dynamic team, shaping the future of security and compliance in our ambitious projects. The ideal candidate will have in-depth knowledge of Export Administration Regulations (EAR), International Trafficking in Arms Regulations (ITAR), ISO 27001, and NIST 800-171. You will play a crucial role in ensuring our compliance with these regulations and standards, thus supporting our commitment to operating securely and responsibly in the global market.Key Responsibilities:Conduct thorough assessments and audits to ensure continued compliance with EAR/ITAR, ISO 27001, NIST 800-171 and any additional future security frameworks or contractual security requirements.Operate Spire’s Information Security Management System by outlining projects, executing workflows, and coordinating tasks with other teams as needed.Design, implement, and manage GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including development of automation tools and automating auditing tasks.Develop and implement GRC and cybersecurity strategies and policies in line with regulatory and certification requirements.Provide guidance and training to staff on compliance matters related to export controls and security standards.Collaborate with cross-functional teams to address compliance issues and develop corrective action plans.Work with Spire’s Legal department to incorporate new legislative requirements into existing policies and procedures.Monitor applicable cybersecurity regulations for changes and incorporate new requirements into existing policies and procedures.Generate new documentation and maintain existing documentation such as stakeholder analyses, scope statements, risk assessment and treatment procedures, performance monitoring and measurement plans, etc.Conduct risk assessments and develop risk mitigation strategies.Prepare and submit compliance reports to regulatory agencies and internal stakeholders, including NIST SSPs and POAMs.Participate in external and internal audits including gathering audit evidence both directly and indirectly through coordination with other teams.Qualifications:Bachelor's degree in Information Security, Cyber Security, Computer Science, Computer Engineering, Software Development, or a related field, or equivalent experience in a relevant area.Minimum of 3-5 years of hands-on technical experience in an IT, engineering, GRC, or security role, preferably in the aerospace, satellite, or Government industries.In-depth knowledge of EAR, ITAR, ISO 27001, NIST 800-171, and NIST 800-53.Professional certifications such as CISSP, CISA, CRISC, or similar are highly desirable.Ability to automate security control, compliance, and configuration audits utilizing scripting languages such as bash, Python, Go, or similar.Experience implementing and managing GRC tools and technologies, such as GRC platforms, SIEM solutions, and vulnerability management systems.Experience reviewing risk analyses, drafting corrective action plans, and driving the risk treatment process.Relevant experience working and communicating with internal and external systems and process auditors.In depth knowledge of security framework controls as they apply to public cloud (AWS preferred), hybrid, self-hosted, and SaaS environments.Ability to transform and communicate organizational compliance requirements into internal engineering requirements for various teams including engineering and security.Ability to partner with colleagues, independently manage and run complex projects, and prioritize efforts for risk reduction.Excellent analytical and problem-solving skills.Develop clear and concise written content.Excellent project and task management skills, preferably using Jira.Strong communication and interpersonal abilities.Ability to work independently and as part of a team.Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in office.Access to US export controlled software and/or technology may be required.Salary Range:
$130,000—$170,000 USDThe anticipated base salary range for this position is listed above. Final base salary for this role will be based on the location, skills, experience and qualifications. In addition to base compensation, this role may be eligible for annual equity awards and our employee benefits program, including vacation, sick, and personal time off; optional medical, dental, vision, life, and disability coverage; a 401(K) plan; health and wellness reimbursement program; and participation in Spire’s Employee Stock Purchase Plan.
#J-18808-Ljbffr
Spire designs, builds and operates the world’s largest multipurpose satellite constellation. With our proven history in space infrastructure, we provide you with unprecedented access and insights from the ultimate vantage point – space.At Spire, we are at the forefront of cutting-edge technology, where innovation meets security. We're looking for a GRC Engineer to join our dynamic team, shaping the future of security and compliance in our ambitious projects. The ideal candidate will have in-depth knowledge of Export Administration Regulations (EAR), International Trafficking in Arms Regulations (ITAR), ISO 27001, and NIST 800-171. You will play a crucial role in ensuring our compliance with these regulations and standards, thus supporting our commitment to operating securely and responsibly in the global market.Key Responsibilities:Conduct thorough assessments and audits to ensure continued compliance with EAR/ITAR, ISO 27001, NIST 800-171 and any additional future security frameworks or contractual security requirements.Operate Spire’s Information Security Management System by outlining projects, executing workflows, and coordinating tasks with other teams as needed.Design, implement, and manage GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including development of automation tools and automating auditing tasks.Develop and implement GRC and cybersecurity strategies and policies in line with regulatory and certification requirements.Provide guidance and training to staff on compliance matters related to export controls and security standards.Collaborate with cross-functional teams to address compliance issues and develop corrective action plans.Work with Spire’s Legal department to incorporate new legislative requirements into existing policies and procedures.Monitor applicable cybersecurity regulations for changes and incorporate new requirements into existing policies and procedures.Generate new documentation and maintain existing documentation such as stakeholder analyses, scope statements, risk assessment and treatment procedures, performance monitoring and measurement plans, etc.Conduct risk assessments and develop risk mitigation strategies.Prepare and submit compliance reports to regulatory agencies and internal stakeholders, including NIST SSPs and POAMs.Participate in external and internal audits including gathering audit evidence both directly and indirectly through coordination with other teams.Qualifications:Bachelor's degree in Information Security, Cyber Security, Computer Science, Computer Engineering, Software Development, or a related field, or equivalent experience in a relevant area.Minimum of 3-5 years of hands-on technical experience in an IT, engineering, GRC, or security role, preferably in the aerospace, satellite, or Government industries.In-depth knowledge of EAR, ITAR, ISO 27001, NIST 800-171, and NIST 800-53.Professional certifications such as CISSP, CISA, CRISC, or similar are highly desirable.Ability to automate security control, compliance, and configuration audits utilizing scripting languages such as bash, Python, Go, or similar.Experience implementing and managing GRC tools and technologies, such as GRC platforms, SIEM solutions, and vulnerability management systems.Experience reviewing risk analyses, drafting corrective action plans, and driving the risk treatment process.Relevant experience working and communicating with internal and external systems and process auditors.In depth knowledge of security framework controls as they apply to public cloud (AWS preferred), hybrid, self-hosted, and SaaS environments.Ability to transform and communicate organizational compliance requirements into internal engineering requirements for various teams including engineering and security.Ability to partner with colleagues, independently manage and run complex projects, and prioritize efforts for risk reduction.Excellent analytical and problem-solving skills.Develop clear and concise written content.Excellent project and task management skills, preferably using Jira.Strong communication and interpersonal abilities.Ability to work independently and as part of a team.Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in office.Access to US export controlled software and/or technology may be required.Salary Range:
$130,000—$170,000 USDThe anticipated base salary range for this position is listed above. Final base salary for this role will be based on the location, skills, experience and qualifications. In addition to base compensation, this role may be eligible for annual equity awards and our employee benefits program, including vacation, sick, and personal time off; optional medical, dental, vision, life, and disability coverage; a 401(K) plan; health and wellness reimbursement program; and participation in Spire’s Employee Stock Purchase Plan.
#J-18808-Ljbffr