Principal Engineer, Cyber - IT Security Governance
Job in Columbus, Franklin County, Ohio, 43216, USA
Listed on 2026-06-03
Listing for: Western Alliance Bancorporation
Full Time position
Job specializations:
- IT/Tech
Cybersecurity, Information Security, Data Security, IT Consultant
Job Title: Principal Engineer I, Cyber - IT Security Governance
Location: City Scape
What you'll do:
As a Principal IT Security Governance Engineer, you will serve as a senior individual contributor responsible for leading and advancing the organization's cybersecurity governance, risk management, and maturity initiatives. This role combines deep expertise in cyber risk, control design, CRI Profile maturity, and policy management with a strong understanding of modern engineering practices, data, automation, and AI-driven capabilities.
You will drive complex, cross-functional initiatives that embed secure, compliant, and scalable practices into technology, data, and AI solutions, ensuring alignment with enterprise risk management objectives and regulatory expectations. This includes designing and implementing governance frameworks, control structures, and engineering-enabled solutions that enhance the effectiveness, consistency, and automation of risk assessments, RCSAs, and control monitoring.
In this role, you will act as both a governance and technical authority, partnering closely with engineering, data, and risk teams to translate evolving technologies into defensible, regulator-ready processes, controls, and documentation. You will leverage data, automation, and AI to improve visibility into risk posture, drive operational efficiency, and enable sustained improvements in cybersecurity maturity and program scalability.
* Own and lead cybersecurity governance initiatives spanning risk identification, control design, policy management, and maturity improvement.
* Serve as a subject‑matter expert for cyber risk management, providing guidance on control effectiveness, risk treatment, and residual risk decisions.
* Drive execution of cybersecurity Risk & Control Self‑Assessments (RCSAs), ensuring alignment to ERM standards and regulatory expectations.
* Own and manage CRI Profile assessments, maturity scoring, evidence standards, and remediation tracking. Partner with technology, security, and risk teams to drive improved and sustained maturity gains.
* Maintain traceability between risks, controls, assessment results, and remediation activities.
* Lead the development, maintenance, and rationalization of cybersecurity policies, standards, and procedures in alignment with industry best practices (e.g., GLBA, FFIEC, NIST).
* Design, document, and maintain cyber risk statements, control descriptions, and control narratives suitable for audits and regulatory exams.
* Support internal audits, regulatory exams, and second line credible challenge through structured responses, evidence packaging, and issue management.
* Track and report on control performance, risk posture, and remediation progress using defined metrics and governance forums.
* Manage complex projects requiring coordination across IT, Information Security, ERM, Privacy, and Audit.
* Act as a trusted advisor to senior leaders on risk posture, maturity trends, and program health.
* Produce clear, executive‑ready artifacts including risk summaries, maturity dashboards, remediation roadmaps, and briefing materials.
* Develop and maintain automation solutions (e.g., scripting, workflow tools, AI-assisted processes) to improve efficiency of risk assessments, control testing, and evidence collection.
* Enable data-driven insights and reporting through engineering-oriented solutions (e.g., dashboards, metrics automation, control monitoring).
* Drive integration of AI and automation into RCSA, CRI assessments, and risk reporting processes to improve scalability, consistency, and accuracy.
What you'll need:
* 8+ years of related experience in Cybersecurity, Information Security Governance, IT Risk, or Enterprise Risk Management.
* Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Risk Management, or a related field. Master's or MBA in a related field preferred.
* Advanced to expert experience with:
  * Cyber Risk Management frameworks (NIST CSF, CRI Profile, FFIEC, ISO 27001 principles).
  * RCSAs, risk identification, control design, and residual risk assessment.
  * Policy, standard, and procedure lifecycle management.
  * Regulatory and audit…