Senior Cybersecurity GRC Associate managing information security governance, risk assessments, and compliance at Corient. Join a team dedicated to supporting high - net - worth individuals in wealth preservation.
About the role
- Security Engineering Lead at Outset overseeing security policies, compliance, and hands-on security engineering. Collaborating with teams to ensure secure product infrastructure and practices.
Responsibilities
- Own, develop, and maintain the company security policy framework, ensuring policies are current, practical, and aligned with compliance requirements (SOC 2, ISO 27001, etc.).
- Develop and maintain security playbooks, incident response procedures, and standard operating procedures across all security domains.
- Own Outset’s internal IT security program—including assessment, administration, and implementation of controls across corporate systems, endpoints, and SaaS tooling.
- Own the customer security questionnaire process: review, respond to, and track all inbound security assessments from prospects and customers.
- Assess and triage reported security vulnerabilities, prioritizing based on risk and directly implementing fixes across production software and infrastructure using hands-on (AI-assisted) coding skills.
- Lead investigations into security alerts and incidents; own the end-to-end response and post-incident review process.
- Design and implement security controls across cloud infrastructure (AWS), corporate systems, and endpoints.
- Conduct internal security reviews and threat modeling for new and existing products and features.
- Partner with engineering to embed secure development practices into CI/CD workflows and the SDLC.
- Manage the penetration testing program—scoping engagements, coordinating external vendors, and driving remediation of findings.
- Build and maintain detection and response pipelines for cloud and application environments; manage SIEM tooling and log analytics.
- Support SOC 2 and other compliance initiatives through technical controls, policy documentation, and audit evidence collection.
- Manage third-party risk assessments and vendor security reviews.
Requirements
- 6+ years of experience in security engineering, DevSecOps, information security, or a related role.
- Demonstrated experience authoring and maintaining security policies, standards, and playbooks.
- Hands-on familiarity with cloud environments (AWS) and modern SaaS tooling stacks.
- Strong understanding of identity management, endpoint protection, and network security fundamentals.
- Proficiency in scripting or automation (Python, Go, or similar); comfort using AI-assisted coding tools for production changes.
- Experience managing customer-facing security questionnaires and security review processes.
- Experience running or coordinating penetration testing engagements with external vendors.
- Experience with SIEM, detection engineering, or log analytics platforms.
- Exposure to compliance frameworks (SOC 2, ISO 27001) and the technical controls that underpin them.
- Excellent communication skills—able to translate complex security concepts for non-technical stakeholders.
- Startup experience or demonstrated comfort operating in fast-moving, ambiguous environments.
- Familiarity with securing AI/ML pipelines, data infrastructure, or internal developer tooling is a plus.
Benefits
- Daily collaboration with founders, shaping the core product vision.
- Exposure to and collaboration with design and research leaders at top global brands.
- Competitive cash and equity compensation. Actual compensation packages are based on various factors unique to each candidate, including skill set, depth of experience, and certifications.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Cybersecurity Specialist at Telefónica Tech supporting user access within minimal privilege principles. Ensuring compliance and coordination with internal security processes.
CISO responsible for cybersecurity strategy, operations, and regulatory compliance in leading blockchain ecosystem. Managing risk and fostering security culture within the organization.
Senior Penetration Tester working on TIBER and Red Team assignments in high - security sectors. Collaborate with experts to deliver comprehensive security assessments and enhance organizational security.
Senior Security Delivery Engineer safeguarding digital infrastructure at nbn by embedding security into CI/CD pipelines. Collaborating within DevSecOps teams to ensure resilient platforms.
Senior Cloud Security Engineer at Semperis focusing on preventative security and cloud architecture. Collaborating with teams to enhance security around cloud environments and regulatory requirements.
Product Manager driving secure communications solutions in a highly regulated environment. Collaborating with cross - functional teams to deliver product lifecycle from planning to field adoption.
Manager overseeing Identity and Access Management services at PwC. Collaborating with stakeholders to drive cyber resilience and compliance in complex environments.
Cybersecurity Shift Lead at PwC focusing on overseeing cybersecurity operations for clients. Leading teams and ensuring operational excellence during shifts across cybersecurity towers.
Director of Physical Security building security function for Swarmer, a tech company developing autonomous drone software. Overseeing security measures and fostering a proactive security culture.