GRC Engineer

About the role

The GRC Engineer supports the implementation, operation, and modernization of the organization’s Governance, Risk, and Compliance (GRC) platform. This role works closely with the GRC Lead Engineer and Innovation Team as well as development and security teams to maintain secure, compliant, and well‑documented GRC environment aligned with federal security mandates and government policies. The GRC Engineer contributes to system configuration, integrations, reporting related to RMF activities, and supports system migrations and continuous monitoring through automation, documentation, and evidence collection.

What you'll do

• Install, configure, operate, and maintain GRC systems across production and non‑production environments in accordance with approved configuration baselines and change control procedures.
• Support releases, upgrades, and patches by executing regression testing, validating configurations, and assisting with rollback strategies.
• Develop and maintain integrations between the GRC platform and enterprise tools such as asset management systems, SIEM solutions, and cloud platforms (AWS, Azure, and Google Cloud).
• Implement and maintain APIs or other automated interfaces to synchronize data between GRC systems and related enterprise security tools.
• Create and administer GRC user and service accounts, supporting RBAC implementation and least‑privilege access, and integrating with approved identity and SSO services.
• Assist in defining and enforcing data quality, synchronization, and validation rules; maintain logging and auditable evidence to support compliance, records management, and internal audits.
• Create, maintain, and update standardized documentation templates (e.g., SSPPs, POA&Ms, Risk Acceptance Requests, FISMA questionnaires) and support associated approval workflows.
• Contribute to a centralized knowledge repository by developing and maintaining runbooks, SOPs, workflow documentation, and integration guides.

Qualifications

• Minimum three (3)+ years of experience required in listed tasks
• Bachelor's degree

• Experience administering and supporting GRC solutions in a federal or highly regulated environment.
• Hands‑on experience supporting system migrations or enhancements within GRC platforms, including assisting with control mappings and data transformation.
• Experience developing or supporting automated data integrations using APIs or similar mechanisms.
• Familiarity with cloud‑native security and compliance tooling across AWS, Azure, and GCP environments.
• Experience developing reports and dashboards that translate technical risk and compliance data into actionable insights for stakeholders.
• Experience supporting cybersecurity compliance activities and RMF authorization processes for federal information systems.
• Working knowledge of NIST RMF, NIST SP 800‑53 Rev. 5, and FISMA requirements.
• Experience supporting audits by maintaining accurate configurations, documentation, and evidence.
• Experience working with GRC platforms such as CSAM and/or RegScale (administration or operational support).
• Strong collaboration skills and a customer‑focused mindset.
• Background in systems engineering, security engineering, or related technical disciplines preferred.