Senior Risk & Compliance Automation Engineer
Kuala Lumpur - Malaysia
Job Summary
Why Valmont
We're Here to Move the World Forward.
Valmont impacts millions of people around the world every day, yet they might not realize the many ways. Our technology is helping feed the growing population, supplying the world with more reliable energy and access to renewables, enhancing connectivity in remote and urban locations to create a sustainable future, and so much more. Simply put, Valmont is advancing agricultural productivity and reimagining vital infrastructure to make life better.
Join a Fortune 1000 company that respects hard work, honors diversity, and invests in our employees as we focus on creating the world of tomorrow, today. We are the modern workforce. Are you ready to move the world forward? Apply now.
Primary Responsibilities:
- Maintain the IT risk inventory to track identified issues and risks, including risk acceptances and remediation plans; provide governance oversight and reporting on issues and risks.
- Lead the planning, scoping, execution, and documentation of risk management activities associated with technology and technology-related risks, including cybersecurity and OT environments.
- Identify, validate, and assess security risks; develop, socialize, and guide engineering and business teams through risk treatment plans.
- Design and build automation for GRC processes, including evidence collection, control validations, real-time control effectiveness checks, and broader GRC workflows such as risk register, Third Party Risk assessments, and enterprise systems controls definition.
- Design data pipelines that aggregate and normalize risk-relevant data across enterprise systems to support KRIs, control-maturity insights, and risk dashboards.
- Automate repeatable GRC processes, including compliance monitoring, reporting, and evidence loading across multiple data inputs and information systems; set up control attestation and evidence automation workflows and build KRI/KPI scorecards across business units.
- Lead collaboration efforts with IT value stream owners to define and implement effective control activities, processes, and standards, and document supporting policies and procedures.
- Consult and assist IT Risk and Control Owners in the planning, design, implementation, operation, maintenance, and remediation of control activities and supporting requirements such as policies, standards, processes, and system configurations.
- Support incident response from a compliance perspective, contributing to analysis, containment, and mitigation strategies; coordinate with Legal on breach notification and regulatory reporting requirements.
Additional Responsibilities:
- Lead security reviews for proposed AI technologies, evaluating risks related to data handling, model behavior, and system integration, aligned to NIST AI RMF and ISO 42001.
- Integrate AI-specific security controls into enterprise governance processes such as procurement, vendor risk management, and software change control.
- Establish measurable indicators of AI risk posture and effectiveness of AI security controls.
- Build dashboards and operational views that present risk trends, control-maturity indicators, and audit-readiness status.
- Serve as the automation SME for troubleshooting, system design, and expanding capabilities; partner with GRC team members to validate expected behavior and troubleshoot gaps.
- Develop and maintain repeatable automation patterns to support consistent vendor onboarding and third-party risk assessments across the organization.
- Contribute to the development and publication of information security policies, standards, and guidelines related to AI and emerging technologies.
Required Qualifications of Every Candidate (Education, Experience, Knowledge, Skills, and Abilities):
- Minimum 5 years of experience in information security risk management or GRC, with at least 2 years of hands-on experience in security engineering, automation development, AI security, or data security.
- Working knowledge of GRC and cybersecurity frameworks, including SOC 2, NIST CSF 2.0, CIS Controls v8, and ISO 27001; familiarity with AI governance frameworks such as NIST AI RMF and ISO 42001; and practical understanding of the Three Lines of Defense model as applied to IT control ownership and risk accountability.
- Experience performing cybersecurity risk assessments, business impact analysis, planning, and reporting; foundational understanding of Risk Management concepts and principles.
- Demonstrated data and automation skills, including experience with Power BI, SQL, or Python for data preparation, transformation, and analytics.
- Hands-on experience with one or more GRC automation platforms such as Vanta, Anecdotes, 6clicks, or AuditBoard, including configuring questionnaires, workflows, object models, APIs, and role-based dashboards; experience with ServiceNow IRM/GRC, Jira, and cloud platforms such as Azure or GCP is strongly preferred.
- Must be available for U.S. time zone meetings; flexible/hybrid schedule with ability to work in the office on a regular basis.
- High level of initiative and self-motivation; self-driven and capable of managing priorities independently while maintaining clear communication and alignment.
- Excellent written and verbal communication skills; able to convey complex topics to diverse audiences, including executives.
- Problem-solving, critical thinking, and analytical ability; comfortable working in evolving environments and bringing structure to new or ambiguous domains.
- Ability to work independently and as part of a team in a fast-paced, dynamic environment.
Valmont does not discriminate against any employee or applicant in employment opportunities or practices on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, veteran status, disability, or any other characteristic protected by law. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
If you have a disability and require any assistance in filling out the application for employment email
Highly Qualified Candidates Will Also Possess These Qualifications:
- Bachelor's or Master's degree in Computer Science, Computer Engineering, Information Systems, Cybersecurity, or related field.
- Six or more years of experience in information security risk and compliance, with a broad knowledge of network, cloud, and enterprise systems.
- Background in manufacturing, industrial technology, or OT/ICS environments; experience at Valmont or similar diversified industrial enterprise is a plus.
- Demonstrated leadership experience developing or scaling security or compliance programs across a diversified enterprise.
- Professional certifications such as CRISC, CISSP, CISM, CISA, AIGP, or equivalent GRC/security credentials.
Required Experience:
Senior IC
About Company
Valmont has been conserving resources and improving life around the world since 1946. Today, we’re a leader in vital infrastructure and agricultural productivity.