remote job
Engineering
Remote
Sponsorship Not Stated
Principal Governance, Risk and Compliance (GRC) Architect
Verified OpportunityChecked by PathwayAI staff.
Role Summary
Join SimScale GmbH as a Principal Governance, Risk and Compliance Architect, leading compliance strategies in a remote capacity while balancing security standards with fast-paced software delivery.
Key Responsibilities
- Maintain Continuous Observation: Uphold our SOC 2 Type II standard using automated monitoring to ensure compliance is a constant state, not an annual event.
- Technical Infrastructure Strategy: Directly satisfy the high-bar technical requirements of ITAR and FedRAMP. This includes managing the transition to/oversight of AWS GovCloud, defining network security boundaries, and ensuring encryption and IAM standards meet federal requirements.
- Bridge the "Speed vs. Standard" Gap: Act as a technical enabler for the Engineering team, designing and implementing controls (e.g., change management, access reviews) that satisfy auditors but don’t bottleneck our Engineering or DevOps teams.
- Lead Global Expansion: Architect and execute the technical and procedural implementation of TISAX, ITAR, and FedRAMP.
- GDPR Stewardship: Act as the internal authority on privacy, ensuring our data mapping and PIAs remain current without adding unnecessary friction.
- Customer Trust & Sales Support: Join calls with customer Infosec counterparts and handle technical vendor questionnaires to prove our security posture can be trusted by the world’s most demanding organizations.
- Individual Contributor Ownership: Act as a "department of one". You will write the policies, perform the risk assessments, and manage the audits yourself.
Minimum Requirements
- Technical AWS Depth: You understand how to configure AWS beyond simple evidence collection. You are familiar with GovCloud, VPC isolation, network security, and IAM architecture.
- Standard Mastery: Expert-level knowledge in at least two of: TISAX, ITAR, or FedRAMP. You have previously led a company through these audits or were responsible for maintaining their compliance.
- Privacy & AI Knowledge: A deep, working knowledge of GDPR and an active interest in the evolving landscape of AI regulation.
- The "Translator" Skillset: You can translate rigid regulatory requirements into actionable technical tasks that make sense to a developer.
- Independence: You are energized by "getting your hands dirty" and owning the full lifecycle of a program without a team to delegate to.
- Communication: Exceptional English skills; able to negotiate effectively with both internal engineers and external auditors.
Eligibility Criteria
Eligibility details are unclear; more information regarding visa sponsorship or applicant restrictions is needed.
Exp. LevelNot specified
EducationNot specified
⚠️ Disclaimer: PathwayAI Africa does not guarantee employment, scholarships, visas, or admission. Always verify all opportunities through official sources before submitting personal information.
Check if You Qualify
Upload your CV to compare it against this specific opportunity. You can still apply even if improvements are recommended.
