Security & Privacy GRC Engineer
202538
Desired skills:
ISO 27001, GRC, Compliance, Security, Dublin
Location: Dublin
Type: Full-Time
Salary: €80,000 - €100,000
A security-conscious organisation operating across cloud-first and data-driven environments is strengthening its governance capability with a dedicated Security & Privacy GRC Engineer. This role is focused on the intersection of information security, privacy engineering, and risk, supporting regulated workloads and customer-facing platforms.
This is a hands-on governance role - close to systems, data flows, and control implementation - rather than a policy-only position.
The Role
You'll work with security and privacy governance across cloud services, internal platforms, and third-party providers. The focus is on maintaining a mature ISMS, embedding privacy-by-design principles, and translating regulatory and framework requirements into controls that are practical, auditable, and scalable.
You'll work closely with engineering, IT, legal, and product teams to ensure security and privacy requirements are built into how systems operate day to day.
Key Responsibilities
1. Own and maintain the ISMS aligned to ISO 27001, with extension into ISO 27701 and cloud privacy controls
2. Embed GDPR and privacy-by-design requirements into system design, access models, and data handling processes
3. Lead and support audits and attestations (ISO 27001/27701, SOC 2), including evidence management and remediation
4. Perform security and privacy risk assessments aligned to ISO 31000
5. Maintain and improve control mappings across NIST, CSA CCM, COBIT, and internal standards
6. Support third-party and cloud provider risk assessments, including data protection and residency considerations
7. Define and maintain policies for data classification, retention, encryption, and access control
8. Partner with engineering teams to ensure controls are implemented, monitored, and tested in practice
9. Track risks, exceptions, and security metrics, providing clear reporting to stakeholders
Skills & Experience
1. 4-7 years' experience in security governance, privacy, risk, or compliance-focused roles
2. Strong working knowledge of GDPR, ISO 27001, ISO 27701, and ISO 27018
3. Experience mapping and operating controls across SOC 2, NIST, CSA CCM, COBIT, PCI-DSS
4. Understanding of privacy engineering concepts, data lifecycle management, and risk-based decision making
5. Comfortable working with technical teams on cloud, identity, and data platforms
6. Strong documentation, audit, and stakeholder communication skills
Reperio Human Capital acts as an Employment Agency and an Employment Business.