Is the Senior Cybersecurity GRC position remote, hybrid, or on-site?

The Senior Cybersecurity GRC role at Believe is a remote opportunity. The location specified by the employer is Remote Worldwide.

What is the salary range for the Senior Cybersecurity GRC role at Believe?

The salary for Senior Cybersecurity GRC at Believe is not explicitly stated, but is competitive and based on experience.

How do I apply for the Senior Cybersecurity GRC position?

You can apply directly by visiting the dynamic application link on FutureTalent at: https://www.futuretalent.online/jobs/3543-senior-cybersecurity-grc-believe.

← Back to all jobs

13d 2h left to apply

Senior Cybersecurity GRC

Believe•🌍 Remote Worldwide•Estimated: $80,000 - $120,000

About

Believe is a global artist development company operating in over 50 countries with more than 2,000 employees. We empower local artists, labels, and publishers with a full range of services including audience development, publishing, marketing, and distribution, utilizing a global tech platform and local expertise. Our portfolio includes brands like Nuclear Blast, naïve, TuneCore, and more.

Responsibilities

As a Security GRC Engineer, you will:

Drive risk management through lightweight, continuous risk assessments and threat modeling.
Translate risks into clear options, track remediation plans, and provide visibility.
Build practical governance by maintaining and improving security policies and standards.
Create control objectives aligned with engineering workflows (CI/CD, cloud, SaaS, identity).
Support audits and evidence collection efficiently, aligning the program with recognized frameworks like NIST.
Develop "compliance-as-code" habits where possible.
Manage third-party risk through assessments and scalable vendor processes.
Create playbooks, templates, and self-service materials to enable security.
Coach teams to understand risk and make better security choices early in delivery.

Requirements

Experience in GRC / risk / compliance within a tech environment (security, cloud, SaaS, engineering orgs).
Strong understanding of security fundamentals (identity, access, logging, incident response, cloud shared responsibility, secure SDLC).
Ability to write simple, clear policies/standards and translate requirements into engineering-friendly controls.
Comfort with ambiguity and agility, able to iterate, prioritize, and deliver incremental improvements.
Excellent stakeholder skills, with the ability to influence without authority, challenge respectfully, and get things done.
Bonus points for experience aligning programs to frameworks (NIST CSF, ISO 27001, SOC 2), vendor risk platforms, "compliance as code" concepts, or partnering with product/engineering teams on secure-by-design practices.