Senior GRC Engineer
At Spire, we are at the forefront of cutting-edge technology, where innovation meets security. We're looking for a GRC Engineer to join our dynamic team, shaping the future of security and compliance in our ambitious projects. We are seeking a skilled Governance, Risk, and Compliance (GRC) Engineer to join our team. The ideal candidate will have in-depth knowledge of Export Administration Regulations (EAR), International Trafficking in Arms Regulations (ITAR), ISO 27001, and NIST 800-171. You will play a crucial role in ensuring our compliance with these regulations and standards, thus supporting our commitment to operating securely and responsibly in the global market.
Key Responsibilities:
- Conduct thorough assessments and audits to ensure continued compliance with EAR/ITAR, ISO 27001, NIST 800-171 and any additional future security frameworks or contractual security requirements.
- Operate Spire’s Information Security Management System by outlining projects, executing workflows, and coordinating tasks with other teams as needed.
- Design, implement, and manage GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including development of automation tools and automating auditing tasks.
- Develop and implement GRC and cybersecurity strategies and policies in line with regulatory and certification requirements.
- Provide guidance and training to staff on compliance matters related to export controls and security standards.
- Collaborate with cross-functional teams to address compliance issues and develop corrective action plans.
- Work with Spire’s Legal department to incorporate new legislative requirements into existing policies and procedures.
- Monitor applicable cybersecurity regulations for changes and incorporate new requirements into existing policies and procedures.
- Generate new documentation and maintain existing documentation such as stakeholder analyses, scope statements, risk assessment and treatment procedures, performance monitoring and measurement plans, etc.
- Conduct risk assessments and develop risk mitigation strategies.
- Prepare and submit compliance reports to regulatory agencies and internal stakeholders, including NIST SSPs and POAMs.
- Participate in external and internal audits including gathering audit evidence both directly and indirectly through coordination with other teams.
Qualifications:
- Bachelor's degree in Information Security, Cyber Security, Computer Science, Computer Engineering, Software Development, or a related field, or equivalent experience in a relevant area.
- Minimum of 3-5 years of hands-on technical experience in an IT, engineering, GRC, or security role, preferably in the aerospace, satellite, or Government industries.
- In-depth knowledge of EAR, ITAR, ISO 27001, NIST 800-171, and NIST 800-53.
- Professional certifications such as CISSP, CISA, CRISC, or similar are highly desirable.
- Ability to automate security control, compliance, and configuration audits utilizing scripting languages such as bash, Python, Go, or similar.
- Experience implementing and managing GRC tools and technologies, such as GRC platforms, SIEM solutions, and vulnerability management systems.
- Experience reviewing risk analyses, drafting corrective action plans, and driving the risk treatment process.
- Relevant experience working and communicating with internal and external systems and process auditors.
- In depth knowledge of security framework controls as they apply to public cloud (AWS preferred), hybrid, self-hosted, and SaaS environments.
- Ability to transform and communicate organizational compliance requirements into internal engineering requirements for various teams including engineering and security.
- Ability to partner with colleagues, independently manage and run complex projects, and prioritize efforts for risk reduction.
- Excellent analytical and problem-solving skills.
- Develop clear and concise written content.
- Excellent project and task management skills, preferably using Jira.
- Strong communication and interpersonal abilities.
- Ability to work independently and as part of a team.
Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in office.
Access to US export controlled software and/or technology may be required. #LI-MI1
The anticipated base salary range for this position is listed below. Final base salary for this role will be based on the location, skills, experience and qualifications. In addition to base compensation, this role may be eligible for annual equity awards and our employee benefits program, including vacation, sick, and personal time off; optional medical, dental, vision, life, and disability coverage; a 401(K) plan; health and wellness reimbursement program; and participation in Spire’s Employee Stock Purchase Plan.
Global Perks
🛰️ Name Your Satellite Program (NYSP)
🚀 Launch Attendance
🌴 Generous Time Off Policy
🎓 Education Assistance Program
🥰 Employee Assistance Program (EAP)
📈 Employee Stock Purchase Program (ESPP)
👣 Family Leave
💪 Fitness Reimbursement
🧡 Employee Referral Program
🍉 Healthy snacks & beverages in every office
About Spire
We improve life on Earth with data from space.
Spire Global is a space-to-cloud analytics company that owns and operates the largest multi-purpose constellation of satellites. Its proprietary data and algorithms provide the most advanced maritime, aviation, and weather tracking in the world. In addition to its constellation, Spire’s data infrastructure includes a global ground station network and 24/7 operations that provide real-time global coverage of every point on Earth.
Spire is Global and our success draws upon the diverse viewpoints, skills and experiences of our employees. We are proud to be an equal opportunity employer and are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or veteran status.
Applying from California? Please review the CCPA Applicant Privacy Policy.
Applying from the EU? Please review Spire's Privacy Policy.