Security Risk & Controls Engineer

Job Description: • The Cybersecurity Risk & Controls Engineer owns the day-to-day health of Coastal’s Security Program. • Define and maintain our enterprise control baseline aligned to the CRI Profile and FFIEC IT Examination Handbooks. • Work with control owners to implement automated and policy-aligned control processes. • Drive the Security Program Calendar to ensure time-bound and cyclical controls occur on schedule. • Perform and automate internal control testing. • Drive continuous control monitoring across cloud, identity, network, endpoint, data, and application domains. • Blend hands-on technical capability with classic GRC rigor. • Partner with Security Engineering, IT, Business Lines, Risk, Internal Audit, and Compliance. Requirements: • Demonstrated ability to operationalize FFIEC IT Handbooks and the CRI Profile into practical, auditable controls and testing procedures. • Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards. • Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection. • Experience with GRC platforms and workflow/ticketing systems. • Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements. • Excellent written/oral communication with proven ability to influence cross-functional teams and present to management and auditors. • Bias for automation and measurable outcomes; comfortable in fast-moving, high-accountability settings. • 8+ years in Cybersecurity Risk, Governance, Compliance, Security Operations, and/or risk engineering. • Experience in regulated industries, especially financial services, strongly preferred. • Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field; equivalent experience considered. • Certifications preferred: CRISC, CISA, CISSP, CISM, CCSK/CCSP, AZ-500 (or comparable). Benefits: • Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle. • Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions. • Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs. • Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly. • Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents. • Long-Term (LTD)/Short-Term Disability (STD): Income protection in the event of a long-term illness or injury. • Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most. • 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future. • Paid Time Off: Generous vacation and sick leave policies to support your time away from work. • Holidays: Enjoy 11 paid holidays throughout the year. Apply tot his job