Principal Security Engineer - InfoSec GRC

Location Details:  At GoDaddy the future of work looks different for each team. Some teams work in the office full-time, others have a hybrid arrangement (they work remotely some days and in the office some days) and some work entirely remotely. This is a remote position, so you’ll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or meetings.   This position is not eligible to be performed in Alaska, Mississippi, North Dakota, or the Virgin Islands. GoDaddy is not currently considering candidates for this role in California, Seattle, or NYC. Join our team The Governance, Risk, and Compliance team helps GoDaddy identify, assess, and address security risk across the business. We lead regulatory and compliance audits, manage risk acceptances and exception workflows, support third-party risk activities, and define security standards and policies that guide teams across the company. This role is a strong fit for someone who wants to build a durable audit and controls program from the ground up, influence security strategy, and work directly with senior leaders on risk-based decision-making. The ideal candidate will gain the opportunity to shape a long-term security governance initiative, partner broadly across engineering and security teams, and drive meaningful improvements in how GoDaddy manages risk and audit readiness. What you'll get to do... Support a team of GRC compliance specialists in helping to build and manage a unified security controls framework that supports regulatory and industry compliance requirements Perform targeted gap assessments across business units to support new regulatory frameworks Partner with engineering, product, legal, and other security teams to identify control gaps, evaluate compensating controls, and reduce risk Support internal and external audits across frameworks such as PCI DSS, SOC 2, ISO 27001, and other applicable regulations Develop reporting and present security risks, audit status, and remediation priorities to senior leadership, including the Chief Information Security Officer Drive scalable risk-based processes for exception management, risk acceptance workflows, and broader governance initiatives Remove roadblocks across the team in addition to providing training and mentoring support across the team and within the larger information security organization. Your experience should include... 10+ years of professional experience in information security, information technology, information technology audit, or related fields 6+ years of professional experience managing information security programs, audits, or formal assessment activities Experience building unified security controls frameworks across multiple compliance and regulatory standards Experience managing or performing audits using frameworks such as PCI DSS, NIST Cybersecurity Framework, NIST SP 800-53, ISO 27001, and SOC 2 Experience assessing cloud environments such as AWS and applying core security engineering concepts such as threat modeling, architecture reviews, access management, and encryption Experience presenting audit results, risk posture, and remediation priorities to executive stakeholders Experience in automating, scripting, or designing automated compliance systems You might also have... Certifications such as CISSP, CISA, CISM, CRISC, PCI QSA, or ISO Lead Assessor Experience working with Big Four audit firms and governance, risk, and compliance tools such as ServiceNow and Jira We encourage you to apply even if your experience or skillset doesn’t align perfectly with every requirement. We value a wide range of backgrounds and transferable skills, and we are excited to support learning and growth.About us...  GoDaddy is empowering everyday entrepreneurs around the world by providing the help and tools to succeed online, making opportunity more inclusive for all. GoDaddy is the place people come to name their idea, build a professional website, attract customers, sell their products and services, and manage their work. Our mission is to give our customers the tools, insights, and people to transform their ideas and personal initiative into success. To learn more about the company, visit About Us.  At GoDaddy, we know diverse teams build better products—period. Our people and culture reflect and celebrate that sense of diversity and inclusion in ideas, experiences and perspectives. But we also know that’s not enough to build true equity and belonging in our communities. That’s why we prioritize integrating diversity, equity, inclusion and belonging principles into the core of how we work every day—focusing not only on our employee experience, but also our customer experience and operations. It’s the best way to serve our mission of empowering entrepreneurs everywhere, and making opportunity more inclusive for all. To read more about these commitments, as well as our representation and pay equity data, check out our Diversity and Pay Parity annual report which can be found on our Diversity Careers page. We also embrace our diverse culture and offer a range of Employee Resource Groups (Culture). Have a side hustle? No problem. We love entrepreneurs! Most importantly, come as you are and make your own way.  GoDaddy is proud to be an equal opportunity employer. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements. Refer to our full EEO policy. Our recruiting team is available to assist you in completing your application. If they could be helpful, please reach out to myrecruiter@godaddy.com.  Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information. GoDaddy doesn’t accept unsolicited resumes from recruiters or employment agencies.Compensa