GRC Engineer at Ouro handling risk assessments and compliance engineering for cloud services. Collaborating with teams to ensure security control effectiveness across applications and infrastructure.
Responsibilities
Lead technical risk assessments across applications, cloud services, third-party integrations, and internal systems.
Assess control effectiveness against frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, and internal policies.
Develop and maintain detailed risk registers and mitigation plans.
Validate logging coverage, access controls, encryption configurations, and identity/security controls across cloud and infrastructure environments.
Contribute to the development and maintenance of security policies, technical standards, and architecture principles.
Translate compliance requirements into technical control specifications.
Support engineering teams in interpreting and implementing controls correctly.
Collaborate with internal audit and external auditors to provide evidence and narrative explanations for control effectiveness.
Serve as a technical advisor to product and infrastructure teams during design, build, and release cycles.
Improve risk assessment methodologies and tooling, including automation where possible.
Provide GRC insights into threat modeling, vendor security reviews, and third-party due diligence.
Support continuous improvement initiatives across governance, compliance, and risk processes.
Review product, application, and cloud infrastructure architectures for security control gaps, misconfigurations, and design risks.
Evaluate engineering design documents, data flow diagrams, and deployment patterns to ensure alignment with security best practices (e.g., zero trust, least privilege, secure SDLC).
Provide actionable recommendations to engineering teams to address identified risks.
Participate in security design reviews for new and evolving technologies.
Requirements
5+ years of experience in GRC, security engineering, architecture review, or related technical security roles.
Strong understanding of cloud platforms (AWS, GCP, Azure) and their native security controls.
Hands-on experience reviewing architecture diagrams, data flows, and engineering design patterns.
Deep familiarity with security frameworks: NIST CSF, ISO 27001/27002/27017/27018/42001, PCI DSS, CIS Benchmarks, SOC 2 Trust Services Criteria, and MITRE ATLAS/ATT&CK.
Proven ability to conduct comprehensive technical risk assessments.
Experience with AI/ML architecture and governance, including MCP, RAG, and agentic workflows.
Experience with API integration and orchestration.
Coding and scripting capabilities in Python, SQL, Go, and PowerShell.
Understanding of CI/CD pipelines, container orchestration (Kubernetes), IAM, network security, and logging pipelines.
Excellent communication skills and ability to translate complex technical risks to business stakeholders.