Senior Security Engineer and GRC Specialist

Direct message the job poster from emagine - Portugal

Senior Security Engineer and GRC Specialist

Summary

We are seeking a hands-on Security Engineer and GRC Specialist who blends deep technical expertise with risk management and regulatory compliance. This hybrid role involves implementing security controls, actively supporting security operations, and implementing regulatory readiness across the organization. The ideal candidate can define a risk and compliance framework while also being deeply engaged in day-to-day engineering tasks, incident response, and continuous security improvement.

Key ResponsibilitiesSecurity Engineering

- Apply secure configuration baselines and hardening across operating systems, databases, and cloud environments.

- Automate security processes where possible to improve efficiency and reduce manual overhead.

- Support performing security and vulnerability assessments.

- Support IT teams in implementing patches.

- Support threat hunting, root cause analysis, and post-incident improvement efforts.

Risk, Compliance & Governance

- Identify and assess security risks associated with IT systems and develop strategies to mitigate these risks.

- Develop, document, and enforce security policies, standards, and procedures.

- Conduct risk assessments and implement risk mitigation measures, and monitor their effectiveness.

- Ensure compliance with frameworks and regulations such as NIS2, GDPR, ISO 27001, NIST, IEC 62443, and Chinese data and cybersecurity regulations.

- Perform vendor and third-party risk assessments.

- Support the implementation of business continuity, disaster recovery, and incident response plans.

- Act as a trusted advisor to internal teams on security best practices and secure solution design.

- Translate complex security topics into actionable guidance for both technical and business stakeholders.

Qualifications

- Bachelor’s degree in Information Security, Computer Science, or a related technical field.

- 8–12 years of cybersecurity experience, with both GRC and hands-on engineering background.

- Strong understanding of frameworks and regulations such as NIS2, GDPR, ISO 27001, NIST, and Chinese data and cybersecurity regulations.

- Strong working knowledge of regulatory compliance requirements in NIS2.

- Familiarity with GRC tools, data protection, and risk assessment methodologies.

- Working knowledge of Microsoft Azure, AWS, or OCI security services.

- Experience with tools such as SIEM, EDR, vulnerability scanners, and cloud-native controls will be an advantage.

- Knowledge of IAM concepts including SSO, MFA, PAM, and access reviews.

- Relevant certifications are a plus: CRISC, CISA, ISO/IEC 27001 Lead Auditor or similar.

- Technical Depth: Strong hands-on capability in engineering and cloud security.

- Strategic Vision: Ability to balance long-term design with immediate needs.

- Problem-Solving: Practical, results-driven approach to complex challenges.

- Communication: Clear, concise, and persuasive communicator across all levels.

- Adaptability: Stays ahead of threats, tech changes, and regulatory shifts.

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Information Technology
• Industries
  Software Development

Referrals increase your chances of interviewing at emagine - Portugal by 2x

Copenhagen, Capital Region of Denmark, Denmark 3 weeks ago

Copenhagen, Capital Region of Denmark, Denmark $70,000.00-$80,000.00 3 weeks ago

Brøndby Municipality, Capital Region of Denmark, Denmark 2 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.