Information Security Engineer - GRC

Design, implement, audit, and maintain governance, risk management, and compliance (GRC) controls for the organization’s information security program aligned to the National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and the International Organization for Standardization (ISO) 27000 family of frameworks. Drive policy, risk assessments, third party risk, audit readiness, and continuous compliance with regulatory and industry standards, using an organized and project managed approach.

• Governance, policy & control design: Maintain policies/standards; map obligations to NIST CSF, NIST SP 800-53/800-171, CIS, and ISO 27001; define testable controls, procedures, and evidence requirements.
• Risk management & exceptions: Conduct risk assessments; document scenarios and residual risk; maintain risk register, compensating controls, and remediation plans; support exception/acceptance decisions with rationale and evidence.
• Compliance & audit readiness: Test controls (design/operating effectiveness), document gaps, assemble audit evidence, and track findings to validated closure.
• Third-party risk: Assess vendor security (questionnaires, SOC/ISO artifacts, evidence review), document risk and required controls/terms, and drive remediation follow-ups.
• Control implementation support & monitoring: Partner with IT/Sec Ops to implement and run controls (access, logging, vuln mgmt, encryption, backup/DR) and define monitoring, evidence sources, and test cadence.
• Metrics & stakeholder communication: Produce dashboards and brief status reports on risk, control health, audit readiness, and remediation aging for technical and non-technical stakeholders.
• Operational support & enablement: Provide GRC support for incidents/vulnerabilities and privacy obligations; publish practical guidance (standards, job aids, FAQs) to increase control adoption and reduce exceptions.

• 10+ years experience in information security, including GRC, or risk/compliance roles.
• Demonstrated experience with NIST frameworks (NIST CSF, NIST SP 800-53, NIST RMF, NIST SP 800-171), CIS 8.1, and ISO 27001.
• Hands‑on experience conducting risk assessments, control assessments, and audit responses.
• Experience with regulatory requirements relevant to the organization (e.g., CMMC, TISAX, CTPAT, GDPR, IATF).
• Strong communication skills; experience producing executive‑level reporting.
• Experience with GRC tooling (e.g., Archer, Service Now GRC, One Trust, RSA) and security monitoring platforms.

• Master’s degree or relevant advanced certification.
• Certifications:
  
  CISSP, CISM, CRISC, CGEIT, or equivalent.
• Experience with cloud security (AWS/Azure/GCP) controls and cloud compliance frameworks.

Kyocera-AVX is an Equal Opportunity

Employer:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or status as a protected veteran.