GRC Engineer

At Bumble the security of our customers is a top priority. As a GRC engineer, you should be mission-focused in assuring the controls which protect our users' data, our company’s infrastructure and our global operations.
At Bumble we want to achieve the highest levels of security which means we need to have a strong program of controls assurance, governance of our processes and risk management which can be relied on to make good decisions. We want to tackle this problem with an engineering-led mindset and this role will build out the GRC frameworks, automation, and integration with the rest of the security and privacy portfolios. You should be tenacious with your curiosity both technically and organizationally about security risks, and work cross-functionally to resolve anything we don’t know. 
This role is skilled at finding novel ways to collect, normalise, analyse and report on our security posture. We want to be a trusted source for risk management for internal stakeholders and executives with data-driven insights. We want to have evidence of our capabilities gathered efficiently, comprehensively and low-friction. This role should be a champion for automation in control design for frameworks such as SOX, ISO27001, PCI-DSS and NIST.

Key Accountabilities

• Design and implement automation for partner trust, assurance, compliance, and regulatory activities
• Challenge and expand our thinking surrounding engineering and GRC
• Improve our reporting, metrics and assurance within GRC and with our stakeholders
• Promote and demonstrate the relevance and importance of security controls and how they provide business value
• Be the source of automation and engineering-led thinking for security control assessment, evidence collection, and summary reporting
• Stay ahead of the calendar of our assessments and engage stakeholders in a frictionless, empathetic way
• Integrate GRC systems with cross-functional stakeholder systems to ensure accuracy and consistency
• Be the subject matter expert for control validation in the Security team

Required Experience & Skills

• Can develop scripts in various scripting languages (Python, Go, etc.) and peer review code / implementation / automation scripts
• Familiarity with RESTful APIs 
• Experience with security data and BI tooling such as Bigquery, Snowflake, Looker, Tableau, etc.
• Knowledge of integrations with Slack, JiraStrong and demonstrable practical experience in visualising security control information, including dashboards, integrations or projects in the risk domain

About you

• Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty
• You have demonstrated knowledge of large data handling and systems integration
• You have knowledge of various regulations and controls (SOX, PCI, GDPR, ISO27001, NIST etc)
• You are excited about developing and growing our GRC Engineering capabilities
• You have a passion for risk management, information security, metrics, efficient security operations, and effective control designs.
• Visualizing GRC data for people to consume and use effectively is something you are good at doing.
• Excellent analytical, problem solving and interpersonal skills
• Readiness to expand technical skill set, both through self-study and formal training