Lead GRC

Summary:

The Lead GRC Engineer is a strategic and execution-focused governance, risk, and compliance professional responsible for advancing key programs across PCI-DSS compliance, third-party risk management, policy governance, enterprise risk management, and security awareness. This role drives PCI audit readiness and execution, leads vendor due diligence and risk assessments, maintains cybersecurity policies and standards, coordinates phishing simulation initiatives, and supports compliance reporting and remediation activities. The position requires strong operational discipline, cross-functional partnership, and the ability to translate complex regulatory requirements into actionable business practices.

Primary Job Functions:

• Leading PCI-DSS audit readiness with QSAs, evidence collection, and sustained compliance. Strengthening enterprise risk management with NIST RMF & ISO 27005, delivering actionable insight...