COMMUNITY. It's not just our middle name. It's how we do business.

Security Risk & Controls Engineer

Security EngineerSecurity EngineerFull TimeRemoteTeam 201-500Since 1997H1B No SponsorCompany Site LinkedIn

Location

United States

Posted

100 days ago

Salary

Not specified

Bachelor Degree8 yrs expExperience acceptedEnglishAzureCloudCyber SecurityLinuxPythonType Script

Job Description

• The Cybersecurity Risk & Controls Engineer owns the day-to-day health of Coastal’s Security Program. • Define and maintain our enterprise control baseline aligned to the CRI Profile and FFIEC IT Examination Handbooks. • Work with control owners to implement automated and policy-aligned control processes. • Drive the Security Program Calendar to ensure time-bound and cyclical controls occur on schedule. • Perform and automate internal control testing. • Drive continuous control monitoring across cloud, identity, network, endpoint, data, and application domains. • Blend hands-on technical capability with classic GRC rigor. • Partner with Security Engineering, IT, Business Lines, Risk, Internal Audit, and Compliance.

Job Requirements

Demonstrated ability to operationalize FFIEC IT Handbooks and the CRI Profile into practical, auditable controls and testing procedures.
Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection.
Experience with GRC platforms and workflow/ticketing systems.
Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements.
Excellent written/oral communication with proven ability to influence cross-functional teams and present to management and auditors.
Bias for automation and measurable outcomes; comfortable in fast-moving, high-accountability settings.
8+ years in Cybersecurity Risk, Governance, Compliance, Security Operations, and/or risk engineering.
Experience in regulated industries, especially financial services, strongly preferred.
Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field; equivalent experience considered.
Certifications preferred: CRISC, CISA, CISSP, CISM, CCSK/CCSP, AZ-500 (or comparable).

Benefits

Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
Long-Term (LTD)/Short-Term Disability (STD): Income protection in the event of a long-term illness or injury.
Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
Holidays: Enjoy 11 paid holidays throughout the year.