GRC Engineer at CIGAM Software de Gestão | Hybrid Hired

About the role

GRC Engineer at Ouro improving risk assessment methodologies in a financial technology environment. Collaborating with teams to ensure effective security and compliance practices in cloud services.

Responsibilities

Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems.
Assess control effectiveness against frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies.
Develop and maintain detailed risk registers and mitigation plans.
Validate logging coverage, access controls, encryption configurations, and identity/security controls across cloud and infrastructure environments.
Contribute to the development and maintenance of security policies, technical standards, and architecture principles.
Translate compliance requirements into technical control specifications.
Support engineering teams in interpreting and implementing controls correctly.
Collaborate with internal audit and external auditors to provide evidence and narrative explanations for control effectiveness.
Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles.
Improve risk assessment methodologies and tooling, including automation where possible.
Provide GRC insights into threat modeling, vendor security reviews, and third-party due diligence.
Support continuous improvement initiatives across governance, compliance, and risk processes.
Review product, application, and cloud infrastructure architectures for security control gaps, misconfigurations, and design risks.
Evaluate engineering design documents, data flow diagrams, and deployment patterns to ensure alignment with security best practices (e.g., zero trust, least privilege, secure SDLC).
Provide actionable recommendations to engineering teams to address identified risks.
Participate in security design reviews for new and evolving technologies

Requirements

5+ years of experience in GRC, security engineering, architecture review, or related technical security roles.
Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls.
Hands-on experience reviewing architecture diagrams, data flows, and engineering design patterns.
Deep familiarity with security frameworks: NIST CSF, ISO 27001/27002//27017/27018/42001, PCI-DSS, CIS, SOC 2 Trust Principles, and MITRE ATLAS/ATT&CK.
Proven ability to conduct comprehensive technical risk assessments.
AI/ML architecture/governance over MCP, RAG, and agentic workflows
API integration and orchestration
Coding and scripting capabilities using Python, SQL, Go, and Powershell
Understanding of CI/CD pipelines, container orchestration (Kubernetes), IAM, network security, and logging pipelines.
Excellent communication skills and ability to translate complex technical risks to business stakeholders.

Benefits

Health insurance
Flexible work arrangements
Professional development opportunities

Similar roles

Browse all Compliance jobs

3 hours ago

TG

Facilities & Compliance Coordinator

Transport UK Group

Facilities & Compliance Coordinator overseeing maintenance and compliance tasks at Solvd.'s Glasgow office. Ensuring safety standards and efficient operations through effective management and oversight.

Hybrid Role

Glasgow United Kingdom Compliance

£28,000 - £32,000 per year

9 hours ago

FI

Head of AMLCO, Compliance

Finom

Compliance Officer and AMLCO for a tech startup in Cyprus. Responsible for regulatory compliance and managing financial crime risks.

Hybrid Role

Cyprus Compliance

10 hours ago

CO

Compliance Officer

CoinsPaid

Compliance Officer ensuring compliance with Estonian financial regulations and working closely with authorities. Drafting policies and conducting training within a remote - first crypto payments company.

Hybrid Role

Estonia Compliance

11 hours ago

BR

Compliance Manager

Brighte

Compliance Manager overseeing regulatory compliance in Australia's energy sector startup. Leading compliance strategies and risk mitigation for consumer energy resources at Brighte.

Hybrid Role

Sydney Australia Compliance

14 hours ago

CG

Senior Regulatory Scientist

Cook Group

Senior Regulatory Scientist conducting compliance reviews and developing regulatory strategies for medical devices at COOK. Ensuring adherence to regulatory standards while supporting clinical evaluations and audits.

Onsite Role

Chaoyang District China Compliance

14 hours ago

CG

Ethics & Compliance Specialist

Cook Group

Ethics & Compliance Specialist at Cook Australia acting as the key compliance contact. Partnering with teams to enhance and enforce compliance program across various regions and areas.

Onsite Role

Eight Mile Plains Australia Compliance

15 hours ago

NS

Trade Compliance and Transportation Manager

NXP Semiconductors

Trade Compliance Manager overseeing trade compliance and logistics operations for NXP in Malaysia. Ensuring adherence to regulations and leading supply chain security initiatives.

Onsite Role

Kuala Lumpur Malaysia Compliance

15 hours ago

IO

Director of Technology Regulation

Information Commissioner's Office

Director of Technology providing strategic leadership at the ICO's Technology directorate. Overseeing regulatory interventions and ensuring effective policy development in a complex environment.

Hybrid Role

London United Kingdom Compliance

£91,276 - £104,513 per year

19 hours ago

NI

VP, Global Commercial Compliance

Nium

VP leading compliance architecture for complex multi - jurisdiction deals in fintech. Engaging with clients and translating regulatory changes into commercial opportunities for global markets.

Hybrid Role

London United Kingdom Compliance

20 hours ago

IN

Senior Manager, Environmental Compliance – Strategy

Invenergy

Senior Manager managing cultural resource management and Tribal relations program at Invenergy. Leading development and implementation for energy development compliance across the US.

Onsite Role

Portland United States Compliance

$149,000 - $175,000 per year