GRC Engineer
GRC Engineer
Posted on :
11-04-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Description
Enphase Energy is a global energy technology company and leading provider of solar battery and electric vehicle charging products. Founded in 2006 Enphase transformed the solar industry with our revolutionary microinverter technology which turns sunlight into a safe reliable resilient and scalable source of energy to power our lives. Today the Enphase Energy System helps people make use save and sell their own power. Enphase is also one of the fastest growing and innovative clean energy companies in the world with approximately 68 million products installed across more than 145 countries.
We are building teams that are designing developing and manufacturing nextgeneration energy technologies and our work environment is fastpaced fun and full of exciting new projects.
If you are passionate about advancing a more sustainable future this is the perfect time to join Enphase!
About the role:
Enphase Energys Information Security (InfoSec) organization is a growing collaborative team focused on protecting Enphases data and technology assets from cyber risks and threats internal and external while driving a security culture into the business use of IT. This is our team mission and we are passionate about it. The InfoSec organization provides information and cybersecurity services to Enphases businesses and our goal is to provide safe secure and resilient IT services to our stakeholders.
A key part of achieving that goal is providing modern and comprehensive GRC (Governance Risk and Compliance) to support Compliance Program areas Legal and Regulatory processes risks and controls and provide oversight to ensure internal standards and applicable regulatory requirements are satisfied. Enphases IT Security GRC Team will perform periodic testing monitoring and validation of business controls for compliance with applicable laws and regulations.
To achieve these objectives the InfoSec organization is looking for a GRC expert to drive the GRC program.
Key Responsibilities:
- Manage endtoend Enphase SOC2 Type2 audit requirements and recurring compliance activities.
- Handling SOX ITGC audit activities including the new SEC Cyber Security Requirements.
- Work with the Internal Audit Team to address IT control gap and manage risk.
- Conduct security reviews of internal systems and identify areas of improvement.
- Manage the Governance part of Vulnerability Management. Collaborate with teams on vulnerability remediation.
- Identify and report new IS risks in the IS Risk Registers on a continuous basis. Report top risks to the management.
- Perform Vendor Security Review for new and existing vendors. Review Vendor agreements for Information Security related clauses.
- Create Update and enforce IS Policies and Procedures. Track policy compliance across the organization and conduct policy awareness sessions.
- Create and maintain an information security dashboard on inhouse analytics tool.
- Drive Identity and Access Management review for critical apps.
- Provide periodic updates to internal stakeholders on adherence to IS compliance requirements
- Collaborate with SecOps Security Engineering and Product Security Team to prioritize and address security gaps.
Required Skill and Experience:
- 35 yrs of experience in IS GRC focusing on regulatory compliance.
- In depth understanding of security standards and frameworks (E.g. ISO 27001 NIST CSF PCI DSS SOX 404 SOC2 NIS2 and PCI DSS.
- Should be a Graduate B.E/ B.Tech with specialization in Computer Science IT IS/Cyber Security or relevant ITrelated fields.
- Should have scored 70 and above in 10th 12th and Graduation.
- Knowledge of Python or similar scripting language. Knowledge of PySpark or SparkSQL is an added advantage.
- Excellent Data Analysis and Presentation skills using Microsoft Excel and PowerPoint.
- Certifications (Preferred): CompTIA Security CISA (not mandatory)
- Highly responsive and proven professionalism in communication interpersonal analytical and organizational skills.
- Ability to synthesize a variety of data points problemsolve and formulate comprehensive and effective and risk mitigation plans.
- Desired Skill and Experience:
- High degree of creativity and outofthebox thinking.
- Able to execute multiple projects simultaneously in fastpaced environments.
- Ability to share knowledge and collaborate by developing content and documentation for distribution to other team members managers and customers.
- Ability to work in a fastpaced collaborative and everchanging global environment.
- Takes responsibility and achieves results.
- Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
- Outstanding organization skills.
Employment Type
Full-Time
Department / Functional Area
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
