Governance, Risk, and Compliance Engineer
Autonomy is one of the leading technological advances of this century that will come to impact our lives. The work you’ll do at Applied will meaningfully accelerate the efforts of the top autonomy teams in the world. At Applied, you will have a unique perspective on the development of cutting-edge technology while working with major players across the industry and the globe.
Applied Intuition provides software solutions to safely develop, test, and deploy autonomous vehicles at scale. The company’s suite of simulation, validation, and drive log management software enables development teams to create thousands of scenarios in minutes, run simulations at scale, and verify and validate algorithms for production deployment. Headquartered in Silicon Valley with offices in Detroit, Washington, D.C., Munich, Stockholm, Seoul, and Tokyo, Applied consists of software, robotics, and automotive experts with experience from top global companies. Leading autonomy programs and 17 of the top 20 global OEMs use Applied’s solutions to bring autonomy to market faster.
About the role
We are looking for a multifaceted GRC Engineer who can lead our compliance initiatives across the organization. You will be responsible for ensuring adequate security controls to manage risk across the organization. Additionally, you will collaborate with legal, engineering and operations teams to ensure compliance with all relevant security requirements.
At Applied, you will:
- Facilitate risk assessments and control reviews to accommodate new business areas as well as changes in processes.
- Plan, design, and execute controls testing, controls assessment, and risk management across all domains for IT General Controls and other GRC requirements, as appropriate, in support of multiple frameworks (e.g., ISO27001, SOC2).
- Conduct risk assessments against products, features, datasets, applications, and Third Party Risk Management (TPRM).
- Partner to evaluate the design and effectiveness of the technical and operational control environment.
- Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet GRC standards where applicable.
- Execute strategies for ensuring organizational compliance with SOC2, ISO27001, Data Privacy, federal, state, and local government compliance, or similar regulations.
- Assist in the development and implementation of compliance training and awareness programs.
We're looking for someone who has:
- 3 years or more of relevant experience in risk-based technology compliance management programs, or auditing experience.
- Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues, and an understanding of how to balance the company's risk appetite against compliance needs/requirements.
- Detailed knowledge and experience with technology controls across a variety of industry frameworks and how to assess controls supporting compliance for SOC2, ISO 27001, and privacy.
- Experience developing dynamic approaches to the implementation of a technology compliance program utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable.
Nice to have:
- Certifications such as CISA, CRISC, CISSP.
- Experience leading audits for ISO27001 or SOC 2.
The salary range for this position is $65,000 USD to $400,000 USD annually. This salary range is an estimate, and the actual salary may vary based on the Company's compensation practices.
Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
Applicants will be required to be fully vaccinated against COVID-19 upon commencing employment. Reasonable accommodations will be considered on a case-by-case basis for exemptions to this requirement in accordance with applicable federal and state law. Applicants should be aware that for external-facing roles that involve close contact with Company employees or other third parties on the Company's premises, accommodations that involve remaining unvaccinated against COVID-19 may not be deemed reasonable. The Company will engage in the interactive process on an individualized basis taking into account the particular position.
Applied Intuition is an equal opportunity employer and federal contractor or subcontractor. Consequently, the parties agree that, as applicable, they will abide by the requirements of 41 CFR 60-1.4(a), 41 CFR 60-300.5(a) and 41 CFR 60-741.5(a) and that these laws are incorporated herein by reference. These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. These regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability. The parties also agree that, as applicable, they will abide by the requirements of Executive Order 13496 (29 CFR Part 471, Appendix A to Subpart A), relating to the notice of employee rights under federal labor laws.