Saliense

Lead GRC Engineer

About Saliense

At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including:

  • 20 Days PTO + 40 Hours of Paid Sick & Safe Time
  • 11 Federal Holidays + 2 Corporate Holidays
  • Health, Vision, Dental, and Life Insurance
  • 401(k) with Tiered Match & 100% Vesting
  • Parental Leave for Birthing and Non-Birthing Parents
  • Professional Development Reimbursement Program

We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com to learn more. 

There are many more - connect with us to get a preview of the full benefits package.

About the role

The Lead GRC Engineer serves as the primary technical POC for our Governance, Risk, and Compliance (GRC) migration team and environment, ensuring high availability, performance, and alignment with federal security mandates and government policies and practices. This role is responsible for the full lifecycle of GRC tool deployment, configuration, operations and modernization, including environment management, release control, and the implementation of least-privilege access via SSO. The Lead GRC Engineer will both plan and manage the migration of systems from the existing GRC system to a new platform, developing automated bi-directional API integrations between them, and guiding the development and deployment of actionable custom reporting, dashboards, and user interfaces.

What you'll do

  • Install, configure, operate, and maintain the GRC system across production and non-production environments, establishing configuration baselines and executing releases with documented change control, regression testing, and rollback strategies.
  • Design and secure integrations between the GRC tool and enterprise tools including asset management, SIEM, AWS tools, and equivalent capabilities within Azure and Google Cloud.
  • Design, test, and deploy APIs or automated interface means to synchronize data between GRC systems.
  • Create and administer GRC user/service accounts and RBAC, implement least-privilege access, and integrate with approved identity services for SSO.
  • Define and enforce data quality checks, lineage, and synchronization rules; maintain comprehensive logging and evidence to support internal audits and records management.
  • Create and maintain standardized document templates (SSPPs, POA&Ms, Risk Acceptance Requests, FISMA Questionnaires, etc.) and associated workflows for drafting, review, and approval.
  • Maintain a centralized, approved knowledge repository for runbooks, SOPs, workflow specifications, and integration guides to ensure content remains current with GRC tool release cycles.

Qualifications

  • Eight (8)+ years of experience in listed tasks
  • Master’s degree
  • Significant experience in the deployment, administration, and optimization of GRC solutions within a federal or highly regulated context.
  • Proven track record of migrating systems and common control programs between GRC platforms, including the transformation logic for control implementation statements and inheritance configurations.
  • Hands-on experience using APIs or other automated integrations to synchronize data between GRC systems and other enterprise security solutions.
  • Experience leveraging cloud-native tools (AWS/Azure/GCP) to provide security, privacy, and risk insights.
  • Background in designing custom reporting, dashboards, and custom user interfaces that translate technical information into actionable insights for executives and system teams.
  • Hands-on experience supporting cybersecurity compliance and RMF authorization activities for information systems. This includes supporting implementation of the NIST Risk Management Framework (RMF) for federal information systems, including documentation, control implementation, and authorization support.
  • Advanced experience leading cybersecurity risk management and authorization activities across the lifecycle of federal information systems, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.
  • Knowledge of the Risk Management Framework, NIST Special Publication 800-53 Rev5, FISMA, and its implementation through NIST and other government standards.
  • Experience supporting internal reviews and audits by maintaining auditable configurations and automated evidence collection.
  • Advanced experience deploying, migrating systems, and operating both CSAM and RegScale GRC solutions
  • Excellent customer service mindset and reputation
  • Prior architecture and systems engineering experience.
  • Prior network, cloud system, and application development experience

Client Services

Remote (United States)
