GRC Engineer

About Nintendo of America:
From the launch of the Nintendo Entertainment System more than 30 years ago, Nintendo's mission has been to create smiles through unique entertainment experiences. Here at Nintendo of America Inc., we deliver on this mission by partnering closely with Nintendo Co., Ltd., to bring Nintendo's iconic and cherished franchises including Mario, Donkey Kong, The Legend of Zelda, Metroid, Animal Crossing, Pikmin and Splatoon across the Americas through our video games, hardware systems, and collaborations with partners on a range of other entertainment initiatives like feature films and theme parks.

Based in Redmond, Wash., Nintendo of America serves as headquarters for Nintendo's operations in the Americas. We are an equal opportunity employer offering a welcoming and inclusive environment in service to one another, our products, and the diverse consumers and communities we call home. For more information about Nintendo, please visit the company's website at

Job Summary:

This role is within Nintendo of America (NOA)'s IT Security department. We are hiring a GRC Engineer to help modernize how Governance, Risk, and Compliance (GRC) operates across the organization. This role is focused on reducing compliance burden, improving scalability, and enabling sustainable compliance through thoughtful use of automation, tooling, and sound engineering judgment.

This is an early-to-mid career role designed for someone with a solid foundation in cybersecurity risk and compliance who is ready to grow into a more technical, systems-oriented GRC career path. The GRC Engineer will work hands-on with both GRC processes and technical solutions, learning how to design workflows that scale while continuing to build depth in regulatory interpretation, risk management, and business partnership.

This role is accountable for how GRC work gets done, not just for completing GRC tasks. Routine compliance activities are expected to become increasingly automated; this role focuses on designing, improving, and governing those workflows to make compliance more reliable and less disruptive to the business.

Description of Duties:

Conduct cybersecurity risk assessments, including third-party/vendor risk evaluations (TPRM), with an emphasis on consistency, repeatability, and scalability
Identify, analyze, and document security risks, threats, and vulnerabilities
Support the development and maintenance of risk registers and risk treatment plans
Assist in ensuring compliance with applicable regulations, standards, and frameworks (e.g., NIST CSF, PCI DSS, J-SOX, etc.)
Contribute to the development, review, and maintenance of information security policies, standards, and procedures
Support internal and external audits, including evidence collection and remediation tracking
Monitor and report on compliance posture, control effectiveness, and risk metrics
Help design, build, and maintain automation and tooling that reduces manual GRC effort and improves reliability
Apply the most appropriate technical approach-custom scripts, low-code/no-code platforms, workflow automation, or AI-assisted techniques-based on problem complexity and process maturity
Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud platforms) to support compliance by design
Contribute to scalable approaches for evidence collection, control testing, risk tracking, and reporting
Identify opportunities to reduce GRC toil and compliance friction for both the business and the security team
Treat GRC capabilities as internal products, iteratively improving workflows, usability, and sustainability over time
Partner with IT, engineering, legal, privacy, and business teams to support effective and practical security control implementation
Translate regulatory and framework requirements into clear, implementable expectations
Provide guidance and support to stakeholders to help them meet compliance requirements with minimal disruption
Maintain awareness of emerging threats, regulatory changes, and industry best practices

Summary of Requirements:

Minimum of four (4) years of related experience in security development technologies and…