GRC Engineer at Ouro improving risk assessment methodologies in a financial technology environment. Collaborating with teams to ensure effective security and compliance practices in cloud services.
Responsibilities
Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems.
Assess control effectiveness against frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies.
Develop and maintain detailed risk registers and mitigation plans.
Validate logging coverage, access controls, encryption configurations, and identity/security controls across cloud and infrastructure environments.
Contribute to the development and maintenance of security policies, technical standards, and architecture principles.
Translate compliance requirements into technical control specifications.
Support engineering teams in interpreting and implementing controls correctly.
Collaborate with internal audit and external auditors to provide evidence and narrative explanations for control effectiveness.
Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles.
Improve risk assessment methodologies and tooling, including automation where possible.
Provide GRC insights into threat modeling, vendor security reviews, and third-party due diligence.
Support continuous improvement initiatives across governance, compliance, and risk processes.
Review product, application, and cloud infrastructure architectures for security control gaps, misconfigurations, and design risks.
Evaluate engineering design documents, data flow diagrams, and deployment patterns to ensure alignment with security best practices (e.g., zero trust, least privilege, secure SDLC).
Provide actionable recommendations to engineering teams to address identified risks.
Participate in security design reviews for new and evolving technologies.
Requirements
5+ years of experience in GRC, security engineering, architecture review, or related technical security roles.
Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls.
Hands-on experience reviewing architecture diagrams, data flows, and engineering design patterns.
Deep familiarity with security frameworks: NIST CSF, ISO 27001/27002/27017/27018/42001, PCI-DSS, CIS, SOC 2 Trust Principles, and MITRE ATLAS/ATT&CK.
Proven ability to conduct comprehensive technical risk assessments.
Experience with AI/ML architecture and governance covering MCP, RAG, and agentic workflows.
Experience with API integration and orchestration.
Coding and scripting capabilities in Python, SQL, Go, and PowerShell.
Understanding of CI/CD pipelines, container orchestration (Kubernetes), IAM, network security, and logging pipelines.
Excellent communication skills and ability to translate complex technical risks to business stakeholders.