Information Security Governance, Risk and Compliance Engineer

The mission of the Governance, Risk, and Compliance (GRC) team is to ensure Verisign operates with strong governance practices, effectively manages cybersecurity risks, and complies with all relevant laws and regulations.

The Information Security GRC Engineer IV is a key contributor and plays a vital role in shaping the security posture of Verisign. This position focuses on overseeing the development and enforcement of information security policies and technical standards, as well as ensuring adherence to defined security requirements. We seek a candidate with both the technical expertise and strategic insight in information security gained from working in complex technical environments. The ideal individual will be adept at evaluating security requirements prescribed in policies and standards as well as developing security controls tailored to Verisign.

Responsibilities:

• Develop and maintain information security policies, technical standards, and security guidelines
• Evaluate compliance with security controls and security requirements
• Advise technical teams on the practical implementation of security controls
• Support internal and external security assessments
• Develop risk mitigation strategies
• Effectively communicate residual risks to senior management and create reports suitable for an executive-level audience
• Regularly review existing GRC processes to enhance efficiencies. Identify areas for improvement and provides actionable recommendations for improvements

Required:

• Possess subject matter expertise in cybersecurity and compliance frameworks, privacy controls, and security best practices. (e.g., NIST CSF, NIST SP 800-53, CIS Controls, SOC 2, GDPR, etc.)
• Possess subject matter expertise in developing and managing enterprise information security policies, technical standards, and security guidelines
• Possess subject matter expertise in security assessment, audits, risk mitigation, and risk management
• Technical understanding of security controls and identifying the "spirit" of the control, and how to implement them in a complex enterprise IT environment
• Bachelors' degree in Computer Science, an equivalent technical degree or work experience
• 8 + years of broad information security experience

Preferred:

• Knowledgeable in cybersecurity threats and risks
• Knowledgeable in continuous monitoring
• Industry-recognized certifications, such as CISSP, CGRC, CAP, CISM, CRISC, or CISA are highly desirable

This position is based in our Reston, VA office and offers a flexible, hybrid work schedule

The pay range is $128,700 - $174,100. The anticipated base salary range for this position is noted above, however, base pay offered may vary depending on job-related knowledge, skills and experience.