GRC Engineer at Ouro handling risk assessments and compliance engineering for cloud services. Collaborating with teams to ensure security control effectiveness across applications and infrastructure.
Responsibilities
Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems.
Assess control effectiveness against frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies.
Develop and maintain detailed risk registers and mitigation plans.
Validate logging coverage, access controls, encryption configurations, and identity/security controls across cloud and infrastructure environments.
Contribute to the development and maintenance of security policies, technical standards, and architecture principles.
Translate compliance requirements into technical control specifications.
Support engineering teams in interpreting and implementing controls correctly.
Collaborate with internal audit and external auditors to provide evidence and narrative explanations for control effectiveness.
Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles.
Improve risk assessment methodologies and tooling, including automation where possible.
Provide GRC insights into threat modeling, vendor security reviews, and third-party due diligence.
Support continuous improvement initiatives across governance, compliance, and risk processes.
Review product, application, and cloud infrastructure architectures for security control gaps, misconfigurations, and design risks.
Evaluate engineering design documents, data flow diagrams, and deployment patterns to ensure alignment with security best practices (e.g., zero trust, least privilege, secure SDLC).
Provide actionable recommendations to engineering teams to address identified risks.
Participate in security design reviews for new and evolving technologies.
Requirements
5+ years of experience in GRC, security engineering, architecture review, or related technical security roles.
Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls.
Hands-on experience reviewing architecture diagrams, data flows, and engineering design patterns.
Deep familiarity with security frameworks: NIST CSF, ISO 27001/27002/27017/27018/42001, PCI-DSS, CIS, SOC 2 Trust Services Criteria, and MITRE ATLAS/ATT&CK.
Proven ability to conduct comprehensive technical risk assessments.
Experience with AI/ML architecture and governance covering MCP, RAG, and agentic workflows.
Experience with API integration and orchestration.
Coding and scripting capabilities in Python, SQL, Go, and PowerShell.
Understanding of CI/CD pipelines, container orchestration (Kubernetes), IAM, network security, and logging pipelines.
Excellent communication skills and ability to translate complex technical risks to business stakeholders.
Regulatory Operations Analyst supporting SEU Operations Risk department with regulatory compliance across licensed jurisdictions. Engaging in multi-jurisdictional work and maintaining regulatory controls.
Associate Manager developing and managing investigations and consulting cases at Kroll. Collaborating with teams to ensure quality and compliance across diverse cases.
Senior Regulatory Engineer responsible for regulatory strategies and agency interactions at Johnson Controls. Collaborating on new product approvals and maintaining compliance with existing products.
Regulatory and Quality Specialist supporting compliance strategy for medical devices in R&D. Collaborating with design teams to ensure quality and regulatory adherence.
Compliance & Oversight Lead Manager facilitating GILA business processes and data quality. Ensuring compliance with labeling activities in a global pharmaceutical environment.
Manager in US Regulatory Advertising and Promotion at Pfizer supporting regulatory guidance and strategic review of promotional communications. Mentoring junior staff while ensuring compliance with regulatory standards.
Senior GRC Consultant consulting clients on GRC software RiMaGo and implementing risk strategies. Collaborating with development team and conducting training sessions in GRC.
Senior Compliance Officer at Absa providing compliance support and risk management in the banking sector. Leading compliance initiatives and regulatory relationship management.
Compliance Manager supporting RTX's Anti-Bribery & Anti-Corruption Program at the largest aerospace and defense company. Ensuring compliance with various international anti-corruption laws and regulations.
Compliance Officer overseeing compliance and risk management within WSFS Bank's Wealth Division. Providing independent oversight and guidance on regulatory compliance and risk assessment.