Principal Governance, Risk and Compliance (GRC) Architect

About the role

We are seeking a Principal GRC Architect to embed world‑class security certifications into our fast‑moving software environment. This hands‑on, individual‑contributor position will design, implement, and maintain compliance controls across AWS infrastructure while supporting rapid product delivery.

Key responsibilities

• Maintain continuous SOC 2 Type II compliance through automated monitoring.
• Design and oversee the technical implementation of ITAR and FedRAMP requirements, including migration to AWS GovCloud, network segmentation, encryption, and IAM controls.
• Bridge the gap between regulatory rigor and engineering speed by creating developer‑friendly change‑management and access‑review processes.
• Lead the technical and procedural rollout of TISAX, ITAR, and FedRAMP for global expansion.
• Act as the internal GDPR authority, keeping data‑mapping and privacy impact assessments up to date.
• Support sales and customer‑infosec calls, handling technical questionnaires and demonstrating our security posture.
• Own the full compliance lifecycle as a “department of one,” writing policies, conducting risk assessments, and managing audits.

Required profile

• Deep expertise in AWS, including GovCloud, VPC isolation, network security, and IAM architecture.
• Expert‑level knowledge of at least two standards: TISAX, ITAR, or FedRAMP, with proven audit leadership.
• Strong understanding of GDPR and emerging AI regulations.
• Ability to translate regulatory requirements into actionable technical tasks for developers.
• Self‑motivated, hands‑on attitude with excellent English communication skills.

Required skills

• AWS
• AWS GovCloud
• VPC isolation
• Network security
• IAM architecture
• Encryption standards
• FedRAMP
• ITAR
• TISAX
• GDPR