GRC Engineer
UK London
Bumble Inc.
Bumble has changed the way people date, create meaningful relationships & network with women making the first move. Meet new people & download Bumble.
At Bumble the security of our customers is a top priority. As a GRC engineer, you should be mission-focused in assuring the controls which protect our users' data, our company’s infrastructure and our global operations.
At Bumble we want to achieve the highest levels of security, which means we need a strong program of controls assurance, governance of our processes, and risk management that can be relied on to make good decisions. We want to tackle this problem with an engineering-led mindset, and this role will build out the GRC frameworks, automation, and integration with the rest of the security and privacy portfolios. You should be tenacious in your curiosity, both technically and organizationally, about security risks, and work cross-functionally to resolve anything we don’t know.
This role is skilled at finding novel ways to collect, normalise, analyse and report on our security posture. We want to be a trusted source for risk management for internal stakeholders and executives with data-driven insights. We want evidence of our capabilities to be gathered efficiently, comprehensively and with low friction. This role should be a champion for automation in control design for frameworks such as SOX, ISO27001, PCI-DSS and NIST.
Key Accountabilities
- Design and implement automation for partner trust, assurance, compliance, and regulatory activities
- Challenge and expand our thinking surrounding engineering and GRC
- Improve our reporting, metrics and assurance within GRC and with our stakeholders
- Promote and demonstrate the relevance and importance of security controls and how they provide business value
- Be the source of automation and engineering-led thinking for security control assessment, evidence collection, and summary reporting
- Stay ahead of the calendar of our assessments and engage stakeholders in a frictionless, empathetic way
- Integrate GRC systems with cross-functional stakeholder systems to ensure accuracy and consistency
- Be the subject matter expert for control validation in the Security team
Required Experience & Skills
- Can develop scripts in various scripting languages (Python, Go, etc.) and peer review code / implementation / automation scripts
- Familiarity with RESTful APIs
- Experience with security data and BI tooling such as BigQuery, Snowflake, Looker, Tableau, etc.
- Knowledge of integrations with Slack, Jira
- Strong and demonstrable practical experience in visualising security control information, including dashboards, integrations or projects in the risk domain
About you
- Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty
- You have demonstrated knowledge of large data handling and systems integration
- You have knowledge of various regulations and controls (SOX, PCI, GDPR, ISO27001, NIST, etc.)
- You are excited about developing and growing our GRC Engineering capabilities
- You have a passion for risk management, information security, metrics, efficient security operations, and effective control designs.
- Visualizing GRC data for people to consume and use effectively is something you are good at doing.
- Excellent analytical, problem solving and interpersonal skills
- Readiness to expand technical skill set, both through self-study and formal training