Guidehouse

Cyber Consulting

Governance, Risk, and Compliance Engineer

McLean, Virginia, United States FULL TIME

The Brief

“Governance, Risk, and Compliance Engineer at Guidehouse. Skills: GRC platform architectures, Compliance automation, Data integration, Risk aggregation. Architect enterprise GRC modernization programs. Lead enterprise GRC modernization programs”

What You'll Achieve.

Improve transparency; Improve decision-making; Improve resilience; Operationalize compliance; Aggregate risk across the enterprise; Enable real-time compliance visibility; Enable risk aggregation; Shift from manual compliance toward automated, data-driven governance; Shift toward enterprise risk transparency; Ensure executives can understand cumulative risk; Ensure executives can understand trends; Ensure executives can understand remediation priorities

Industry & Context.

Cyber Consulting

Eligibility Requirements

Up to 10% Travel, Active Public Trust Clearance Required, Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"

What They're Looking For.

Must Have

Federal or DoD "PUBLIC TRUST", Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field, Minimum of NINE (9) or more years of progressively responsible experience in cybersecurity GRC, compliance engineering, risk management, or related enterprise technology roles, Certified in Governance, Risk and Compliance (CGRC) (active), Certified Information Systems Security Professional (CISSP) (active), Demonstrated experience designing and implementing enterprise GRC platforms and compliance automation solutions, Working knowledge of cybersecurity governance, risk management, and assessment processes within regulated environments, Experience translating complex regulatory and control requirements into technical architectures and automated workflows, Experience with leading GRC platforms (e.g., ServiceNow, Qmulos, Archer, or similar enterprise tools)

Nice to Have

ACTIVE PUBLIC TRUST or SUITABILITY and maintain an active HHS/NIH clearance, Experience supporting federal civilian, defense, or regulated commercial clients, Additional certifications such as CISM, CISA, CCSP, or cloud security credentials, Experience integrating GRC platforms with cloud, DevSecOps, SIEM, asset management, and identity systems, Prior consulting experience with responsibility for client engagement, delivery assurance, and team leadership

What You'll Do.

Architect enterprise GRC modernization programs

Lead enterprise GRC modernization programs

Design scalable GRC platform architectures

Define automated control evidence ingestion pipelines

Integrate data from security systems

Integrate data from IT systems

Integrate data from cloud systems

Integrate data from operational systems

Establish enterprise data integration standards

Lead initiatives to enhance compliance transparency

Enable near-real-time insight

Reduce manual assessment burdens

Reduce reporting burdens

Translate regulatory requirements

Translate policy requirements

Translate control requirements

Oversee mapping of security controls

Oversee operationalization of security controls

Provide technical direction for risk aggregation

Provide technical direction for reporting

Implement quality assurance processes

Implement performance measurement processes

Implement risk management processes

Review architectural designs

Approve architectural designs

Approve integration patterns

Approve technical deliverables

Set technical standards

Reinforce delivery excellence

Support business development activities

Conduct technical reviews

How You'll Work.

Team & Collaboration

Collaborate with cybersecurity engineering stakeholders; Collaborate with cloud stakeholders; Collaborate with data stakeholders; Collaborate with audit stakeholders

Communication Scope

Excellent written communication skills; Excellent verbal communication skills; Ability to brief senior executives; Ability to brief technical stakeholders

Process & Methodology

Lead complex modernization efforts from strategy through execution

Full Job Description

**_Job Family_:** Cyber Consulting

**_Travel Required_:** Up to 10%

**_Clearance Required_:** Active Public Trust

_**What You Will Do:**_

Guidehouse’s Cybersecurity practice helps organizations modernize governance, risk, and compliance (GRC) capabilities to improve transparency, decision‑making, and resilience in complex regulatory environments. Our teams work at the intersection of cybersecurity strategy, enterprise risk management, and technology enablement to help clients operationalize compliance and aggregate risk across the enterprise.

As a GRC Engineer, you will architect and lead enterprise GRC integration and compliance automation initiatives for federal and commercial clients. You will design scalable GRC platform architectures, establish automated security control evidence ingestion and normalization processes, and define enterprise data integration standards that enable real‑time compliance visibility and risk aggregation. This role is suited for a senior GRC leader who combines deep knowledge of cybersecurity governance frameworks with technical expertise in platform architecture, data integration, and automation, and who can lead complex modernization efforts from strategy through execution. This role positions you as a technical and strategic leader in GRC modernization, enabling organizations to shift from manual compliance toward automated, data‑driven governance and enterprise risk transparency.

**Key Responsibilities**

* Architect and lead enterprise GRC modernization programs, providing technical leadership across strategy, platform design, integration, and implementation.
* Design scalable GRC platform architectures that support automated control management, continuous monitoring, compliance reporting, and enterprise risk aggregation.
* Define and implement automated control evidence ingestion pipelines, integrating data from security, IT, cloud, and operational systems into centralized GRC platforms.
* Establish enterprise data integration


How to Apply on Workday

  • Workday has a multi-step form — save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
  • Job requisition numbers are useful when following up with HR by email.
