Cybersecurity GRC Engineer
3970 Sherman Street, San Diego, CA, USA
Full Time Senior-level / Expert Clearance required USD 120K - 128K
Fortuna
We offer a people-centric and customized approach to help you not just survive but thrive in today’s competitive landscape.
Fortuna is seeking a skilled Cybersecurity Governance, Risk, and Compliance (GRC) Engineer to support internal enterprise and client-side compliance initiatives. This role focuses on ensuring adherence to cybersecurity frameworks and regulatory requirements through robust vendor risk assessments, policy development, and secure-by-design principles. You will be highly knowledgeable in NIST 800-53 controls, experienced with GRC tools, and capable of leading risk analysis and compliance projects across diverse IT systems and service providers.
WORKSITE: Remote (Pacific Time Preferred)
WORK SCHEDULE: Full-Time, Standard Business Hours (Pacific Time Zone Preferred)
PAY RATE: $64.00/hour
WHAT WE OFFER:
- Paid sick leave based on state regulations after 90 days of employment
- Medical, dental, and vision are offered after a waiting period (60% paid by Fortuna)
- Free TeleMedicine and Mental Health for all employees and their families
- Additional volunteer options such as Group Life Insurance, Accidental Insurance, Critical Care, Short Term Disability
WHAT YOU'LL DO:
- Provide expert guidance to internal teams and clients throughout the vendor onboarding lifecycle, ensuring adherence to security best practices and compliance requirements
- Conduct comprehensive third-party risk assessments in accordance with NIST 800-53 and other applicable frameworks to identify, analyze, mitigate, and monitor risks introduced by external vendors and internal systems
- Collaborate with business owners and technical teams to evaluate new products and services, ensuring alignment with organizational and regulatory security requirements
- Develop and maintain detailed risk treatment plans, control gap analyses, and remediation strategies to enhance organizational security posture
- Continuously review and update GRC policies, procedures, and standards to reflect changes in regulatory requirements and industry best practices
- Monitor compliance with federal, state, and local laws as well as contractual obligations, ensuring that identified risks are documented and escalated appropriately
- Partner with legal, procurement, IT, and security teams to embed GRC requirements into business processes and system development lifecycles
- Provide GRC-related reports, dashboards, and metrics to support audits, internal reporting, and executive briefings
WHAT YOU'LL BRING:
- Bachelor's degree (or equivalent) and a minimum of seven (7) years of experience in cybersecurity governance, risk, compliance, threat/vulnerability management, or information security architecture
- Strong working knowledge of NIST 800-53 and other major cybersecurity frameworks (e.g., HIPAA, CJIS, FTI) and their practical application in risk management and compliance programs
- Industry-recognized certifications such as CISSP, CISM, CRISC, or equivalent experience demonstrating deep subject matter expertise in GRC disciplines
- Hands-on experience using GRC platforms and tools (e.g., RSA Archer, ServiceNow GRC, LogicManager, or similar) for workflow management, control tracking, and reporting
- Proven ability to lead risk assessments, policy development, control testing, and vendor security reviews across complex IT environments
- Strong analytical and critical thinking skills with the ability to manage complex or unique challenges and communicate risks to technical and non-technical stakeholders
- Excellent verbal and written communication skills with the ability to influence and collaborate across multiple departments and levels of leadership
- Must be a U.S. Citizen or Green Card holder (no security clearance required)
Fortuna operates as a staffing agency that sources, screens, and presents potential candidates for employment opportunities on behalf of our clients.
Fortuna was founded in 2012 by practicing professionals with more than 50 combined years of experience. Our headquarters is in McClellan, California, with offices in Los Angeles and New York, and satellite offices in the Philippines and Israel. Fortuna is an active member of multiple California service agreements, including the CMAS, ITMSA (Tier 2), and CalPERS SpringFed Pool, as well as multiple municipalities and large corporation vendor pools.
Career Site: www.gofortuna.com.
Tags: Audits CISM CISSP Clearance Clearance Required Compliance CRISC Governance HIPAA NIST NIST 800-53 Risk analysis Risk assessment Risk management RSA Security Clearance Vulnerability management
Perks/benefits: Career development Health care Insurance Medical leave