via ats_greenhouse · 26 May 2026 · 11 days ago

Principal Governance, Risk and Compliance (GRC) Architect

simscale
Munich Remote

<h3><span style="font-family: helvetica, arial, sans-serif;"><strong>The Role: The Bridge Between Rigor and Velocity</strong></span></h3>
<p><span style="font-family: helvetica, arial, sans-serif;">We are looking for a <strong>Principal GRC Architect</strong> who can solve a unique challenge: How do we maintain "gold-standard" security certifications without killing our "ship-fast" culture?</span></p>
<p><span style="font-family: helvetica, arial, sans-serif;">We are already under <strong>continuous observation</strong> for <strong>SOC 2 Type II</strong> and are <strong>GDPR compliant</strong>. We are now ready to evolve toward the most rigorous standards in the industry: <strong>TISAX, ITAR, and FedRAMP</strong>. This is a hands-on, individual contributor role. You will be the architect of the system and the person turning the gears, designing the roadmap and then personally implementing the controls.</span></p>
<p><span style="font-family: helvetica, arial, sans-serif;">Your mission is to reconcile the rigidity of international standards with the agility of a fast-paced software company. You aren't here to create bureaucracy; you’re here to engineer compliance directly into our <strong>AWS infrastructure</strong>.</span></p>
<h3><span style="font-family: helvetica, arial, sans-serif;"><strong>Core Responsibilities</strong></span></h3>
<ul>
<li><strong>Maintain Continuous Observation:</strong> Uphold our SOC 2 Type II standard using automated monitoring to ensure compliance is a constant state, not an annual event.</li>
<li><strong>Technical Infrastructure Strategy:</strong> Directly satisfy the high-bar technical requirements of <strong>ITAR and FedRAMP</strong>. This includes managing the transition to/oversight of <strong>AWS GovCloud</strong>, defining network security boundaries, and ensuring encryption and IAM standards meet federal requirements.</li>
<li><strong>Bridge the "Speed vs. Standard" Gap:</strong> Act as a technical enabler for the Engineering team, designing and implementing controls (e.g., change management, access reviews) that satisfy auditors but don’t bottleneck our Engineering or DevOps teams.</li>
<li><strong>Lead Global Expansion:</strong> Architect and execute the technical and procedural implementation of <strong>TISAX, ITAR, and FedRAMP</strong>.</li>
<li><strong>GDPR Stewardship:</strong> Act as the internal authority on privacy, ensuring our data mapping and PIAs remain current without adding unnecessary friction.</li>
<li><strong>Customer Trust &amp; Sales Support:</strong> Join calls with customer Infosec counterparts and handle technical vendor questionnaires to prove our security posture can be trusted by the world’s most demanding organizations.</li>
<li><strong>Individual Contributor Ownership:</strong> Act as a "department of one". You will write the policies, perform the risk assessments, and manage the audits yourself.</li>
</ul>
<h3><span style="font-family: helvetica, arial, sans-serif;"><strong>What You Bring</strong></span></h3>
<ul>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;"><strong>Technical AWS Depth:</strong> You understand how to configure AWS beyond simple evidence collection. You are familiar with GovCloud, VPC isolation, network security, and IAM architecture.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;"><strong>Standard Mastery:</strong> Expert-level knowledge in at least two of: TISAX, ITAR, or FedRAMP. You have previously led a company through these audits or were responsible for maintaining their compliance.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;"><strong>Privacy &amp; AI Knowledge:</strong> A deep, working knowledge of GDPR and an active interest in the evolving landscape of AI regulation.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;"><strong>The "Translator" Skillset:</strong> You can translate rigid regulatory requirements into actionable technical tasks that make sense to a developer.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;"><strong>Independence:</strong> You are energized by "getting your hands dirty" and owning the full lifecycle of a program without a team to delegate to.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;"><strong>Communication:</strong> Exceptional English skills; able to negotiate effectively with both internal engineers and external auditors.</span></li>
</ul>
<h3><span style="font-family: helvetica, arial, sans-serif;"><strong>What you can expect from us</strong></span></h3>
<ul>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">A direct seat at the table: full ownership of the compliance and GRC roadmap.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Your work directly enables our largest enterprise and government deals: measurable, visible business impact.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Enjoy flexible hours and the freedom to work remotely from anywhere in the world.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Access comprehensive health coverage, retirement plans, paid time off, and wellness support.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Stay active with subsidized gym memberships, sports meetups, and wellness programs.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Grow as a professional with online/offline learning, language courses, and tech talks.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Connect at team events, join support groups, and contribute to our ESG and DE&amp;I initiatives.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Participate in fun team challenges and competitions for added excitement and team spirit.</span></li>
<li style="font-family: helvetica, arial, sans-serif;"><span style="font-family: helvetica, arial, sans-serif;">Multicultural team (35+ nationalities), flexible work, relocation and visa support where applicable.</span></li>
</ul>
<h3><span style="font-family: helvetica, arial, sans-serif;"><strong>Diversity, Equity and Inclusion at SimScale</strong></span></h3>
<p><span style="font-family: helvetica, arial, sans-serif;"><span style="font-weight: 400;">At SimScale, we look beyond borders and hire great talent from all parts of the world. With our team consisting of people from various backgrounds, we truly embrace diversity and encourage everyone to be themselves. We are unified by curiosity, dedication and our team spirit! As an equal opportunity employer, we acknowledge that our employees have different aspirations and career goals, and therefore are committed to creating a diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. A </span>copy of SimScale's full recruiting guideline can be made available on request. Kindly let us know how you would like to be addressed and whether you have specific requirements for the interview.</span></p>
