Jobs / Sim***
Principal Governance, Risk and Compliance (GRC) Architect
Sim*** · Munich · Remote
Visa sponsorship details are locked. Unlock company name and apply link with .
MunichRemote
Remuneration
Not specified
Location
Munich · Remote
Central European Summer Time (UTC+2)
Visa sponsorship
Sponsors visa
Job summary
THE ROLE: THE BRIDGE BETWEEN RIGOR AND VELOCITY We are looking for a Principal GRC Architect who can solve a unique challenge: How do we maintain "gold-standard" security certifications without killing our "ship-fast" culture? We are already under continuous observation for SOC 2 Type II and are GDPR compliant.
Qualifications
- We are looking for a Principal GRC Architect who can solve a unique challenge: How do we maintain "gold-standard" security certifications without killing our "ship-fast" culture?
- You aren't here to create bureaucracy; you’re here to engineer compliance directly into our AWS infrastructure.
- of ITAR and FedRAMP.
- This includes managing the transition to/oversight of AWS GovCloud, defining network security boundaries, and ensuring encryption and IAM standards meet federal
- Bridge the "Speed vs.
- Lead Global Expansion: Architect and execute the technical and procedural implementation of TISAX, ITAR, and FedRAMP.
- GDPR Stewardship: Act as the internal authority on privacy, ensuring our data mapping and PIAs remain current without adding unnecessary friction.
- Customer Trust & Sales Support: Join calls with customer Infosec counterparts and handle technical vendor questionnaires to prove our security posture can be trusted by the world’s most demanding organizations.
- Individual Contributor Ownership: Act as a "department of one".
- You will write the policies, perform the risk assessments, and manage the audits yourself.
- WHAT YOU BRING
- Technical AWS Depth: You understand how to configure AWS beyond simple evidence collection.
Responsibilities
- You will be the architect of the system and the person turning the gears, designing the roadmap and then personally implementing the controls.
- Maintain Continuous Observation: Uphold our SOC 2 Type II standard using automated monitoring to ensure compliance is a constant state, not an annual event.
- Technical Infrastructure Strategy: Directly satisfy the high-bar technical
Skills
CommunicationEnglish
Degrees
Associate
Languages
EnglishGerman
Work schedule
Shift
Industry
AutomotivePublic-sector
Company size
Enterprise
Relocation
Yes