GRC Engineer

Samsung Ads is proud to be at the forefront of redefining advertising in the Advanced TV landscape. Our mission is to help consumers discover relevant content and brands, while providing advertisers the opportunity to amplify their brand messaging and fully surround the Samsung audience.

Powered by deep analytics and industry-leading technology, Samsung Ads is an intuitive audience platform, delivering meaningful experiences to reach the right audience across Smart TVs, mobile and desktop. With the largest proprietary dataset powered by Automatic Content Recognition (ACR), combined with third-party data from trusted partners, we offer advertisers real‑time TV viewing insights from over 35 MM TVs in the US and a reach of 250M+ devices globally.

From native placements on millions of Samsung Smart TVs to seamless activation across surrounding devices, we help marketers make informed decisions through our unparalleled reach, meaningful experiences and deeper insights. Our breadth of data—from consumer viewership preferences to connected device usage —helps inform richer insights, providing advertisers the ability to bridge the linear TV and digital landscape.

As a GRC Engineer, you will play a crucial role in strengthening our security posture. You will design, implement, and maintain the risk management processes, compliance frameworks, and policies. You will support internal audit activities, drive compliance programs, and partner with cross‑functional stakeholders to reduce compliance risk, maintain certifications, and strengthen customer trust.

The successful candidate will be expected to take part in the on‑call rotation to periodically provide cover for addressing any high and critical events outside normal working hours.

• Formulate and drive GRC roadmap (including AI governance), policies, vendor security reviews, data processor reviews, risk register maintenance, and employee awareness training.
• Partner with external auditors to achieve security compliance certifications and reports.
• Identifying and escalating risks or issues to senior leadership, providing actionable recommendations for timely resolution.
• Regularly report on status, operational metrics and KPIs, providing transparency to company leadership and internal stakeholder teams.
• Drive compliance certifications.
• Drive the adoption of self‑service automation for evidence submission, exceptions, and compliance reporting.
• Embed security control validation into CI/CD pipelines and engineering workflows.
• Develop dashboards, KPIs, etc to measure security compliance, risk, and control effectiveness across all environments and products.
• Implement an automation‑first GRC strategy and continuously evaluate emerging technologies, tools, and frameworks.
• Contribute to the security operations work streams (including siem/soar, playbooks creation).

• Minimum 8 years of experience and a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years.
• Proficiency with GRC tools and technologies used to manage risk and compliance programs.
• Proficiency in Python or similar.
• Ability to collaborate cross‑functionally, including engineering, sales, legal, finance, and other teams.
• Ability to work on your own with self‑motivation and be able to motivate your team members. Ability to ensure tasks are completed as specified without micromanaging.
• A solution‑oriented approach to problem‑solving with an eye for detail and efficiency.
• Understanding of cloud security on AWS.
• Understanding of common security threats, vulnerabilities, and attack vectors (e.g., OWASP top 10, MITRE ATT&CK framework, MITRE ATLAS).
• Strong oral and written communication skills.
• Strong analytical and result‑driven mindset.

If you're interested in joining a growing team securing an outstanding, world‑class advertising organization with a relentless focus on design and customer experience, you've come to the right place!

The salary range for this role is expected to be between $190,000 and $210,000. Actual pay will be determined considering factors such as relevant skills and experience, and comparison to other employees in the role.