Security Risk & Controls Engineer
Job Description:
• The Cybersecurity Risk & Controls Engineer owns the day-to-day health of Coastal’s Security Program.
• Define and maintain our enterprise control baseline aligned to the CRI Profile and FFIEC IT Examination Handbooks.
• Work with control owners to implement automated and policy-aligned control processes.
• Drive the Security Program Calendar to ensure time-bound and cyclical controls occur on schedule.
• Perform and automate internal control testing.
• Drive continuous control monitoring across cloud, identity, network, endpoint, data, and application domains.
• Blend hands-on technical capability with classic GRC rigor.
• Partner with Security Engineering, IT, Business Lines, Risk, Internal Audit, and Compliance.
Requirements:
• Demonstrated ability to operationalize FFIEC IT Handbooks and the CRI Profile into practical, auditable controls and testing procedures.
• Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
• Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection.
• Experience with GRC platforms and workflow/ticketing systems.
• Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements.
• Excellent written/oral communication with proven ability to influence cross-functional teams and present to management and auditors.
• Bias for automation and measurable outcomes; comfortable in fast-moving, high-accountability settings.
• 8+ years in Cybersecurity Risk, Governance, Compliance, Security Operations, and/or risk engineering.
• Experience in regulated industries, especially financial services, strongly preferred.
• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field; equivalent experience considered.
• Certifications preferred: CRISC, CISA, CISSP, CISM, CCSK/CCSP, AZ-500 (or comparable).
Benefits:
• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term (LTD)/Short-Term Disability (STD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.
Apply Now
Apply Now
• The Cybersecurity Risk & Controls Engineer owns the day-to-day health of Coastal’s Security Program.
• Define and maintain our enterprise control baseline aligned to the CRI Profile and FFIEC IT Examination Handbooks.
• Work with control owners to implement automated and policy-aligned control processes.
• Drive the Security Program Calendar to ensure time-bound and cyclical controls occur on schedule.
• Perform and automate internal control testing.
• Drive continuous control monitoring across cloud, identity, network, endpoint, data, and application domains.
• Blend hands-on technical capability with classic GRC rigor.
• Partner with Security Engineering, IT, Business Lines, Risk, Internal Audit, and Compliance.
Requirements:
• Demonstrated ability to operationalize FFIEC IT Handbooks and the CRI Profile into practical, auditable controls and testing procedures.
• Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
• Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection.
• Experience with GRC platforms and workflow/ticketing systems.
• Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements.
• Excellent written/oral communication with proven ability to influence cross-functional teams and present to management and auditors.
• Bias for automation and measurable outcomes; comfortable in fast-moving, high-accountability settings.
• 8+ years in Cybersecurity Risk, Governance, Compliance, Security Operations, and/or risk engineering.
• Experience in regulated industries, especially financial services, strongly preferred.
• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field; equivalent experience considered.
• Certifications preferred: CRISC, CISA, CISSP, CISM, CCSK/CCSP, AZ-500 (or comparable).
Benefits:
• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term (LTD)/Short-Term Disability (STD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.
Apply Now
Apply Now