Jobs / Sim***

Principal Governance, Risk and Compliance (GRC) Architect

Sim*** · Munich · Remote
Visa sponsorship details are locked. Unlock company name and apply link with .
MunichRemote
Remuneration
Not specified
Location
Munich · Remote
Central European Summer Time (UTC+2)
Visa sponsorship
Sponsors visa

Job summary

THE ROLE: THE BRIDGE BETWEEN RIGOR AND VELOCITY We are looking for a Principal GRC Architect who can solve a unique challenge: How do we maintain "gold-standard" security certifications without killing our "ship-fast" culture? We are already under continuous observation for SOC 2 Type II and are GDPR compliant.

Qualifications

  • We are looking for a Principal GRC Architect who can solve a unique challenge: How do we maintain "gold-standard" security certifications without killing our "ship-fast" culture?
  • You aren't here to create bureaucracy; you’re here to engineer compliance directly into our AWS infrastructure.
  • of ITAR and FedRAMP.
  • This includes managing the transition to/oversight of AWS GovCloud, defining network security boundaries, and ensuring encryption and IAM standards meet federal
  • Bridge the "Speed vs.
  • Lead Global Expansion: Architect and execute the technical and procedural implementation of TISAX, ITAR, and FedRAMP.
  • GDPR Stewardship: Act as the internal authority on privacy, ensuring our data mapping and PIAs remain current without adding unnecessary friction.
  • Customer Trust & Sales Support: Join calls with customer Infosec counterparts and handle technical vendor questionnaires to prove our security posture can be trusted by the world’s most demanding organizations.
  • Individual Contributor Ownership: Act as a "department of one".
  • You will write the policies, perform the risk assessments, and manage the audits yourself.
  • WHAT YOU BRING
  • Technical AWS Depth: You understand how to configure AWS beyond simple evidence collection.

Responsibilities

  • You will be the architect of the system and the person turning the gears, designing the roadmap and then personally implementing the controls.
  • Maintain Continuous Observation: Uphold our SOC 2 Type II standard using automated monitoring to ensure compliance is a constant state, not an annual event.
  • Technical Infrastructure Strategy: Directly satisfy the high-bar technical

Skills

CommunicationEnglish

Degrees

Associate

Languages

EnglishGerman

Work schedule

Shift

Industry

AutomotivePublic-sector

Company size

Enterprise

Relocation

Yes