CYE
Cybersecurity Architect (GRC & Risk)
TLDR
Lead security governance, risk assessments, and develop risk-focused methodologies while collaborating with security leaders and engineering teams.
Cye is seeking a Cybersecurity Architect (GRC & Risk) to join our cybersecurity architecture team. In this role, you will lead security governance, risk, and control assessments, conduct third-party due diligence, support maturity assessments, and drive mitigation and architectural review processes. You’ll work closely with CISOs, security leaders, engineering teams, and customers to develop risk-focused methodologies and improve security frameworks. This position is best suited for candidates with a technical GRC, risk, or security assessment background who excel in analysis, interpretation, and structuring of security information.
Responsibilities
Lead customer third‑party security due diligence assessments.
Lead mitigation workshops to translate penetration test and assessment findings into prioritized remediation workplans.
Perform security maturity assessments, including reviews of organizational policies, standards, procedures, and governance practices, aligned with the NIST CSF 2.0 cybersecurity framework.
Develop and refine security methodologies, processes, and architectural guidance.
Maintain internal documentation and ensure alignment between frameworks, processes, and practical implementation.
Analyze technical findings and map them to governance, risk, and control gaps.
Produce clear, structured reports and executive‑ready summaries for technical and non‑technical audiences.
Qualifications
3-4 years in cybersecurity GRC, IT risk, compliance, audit/assurance, or related process‑oriented security roles.
Strong understanding of governance, risk management, and operational processes.
Familiarity with cybersecurity frameworks (NIST CSF, ISO 27001 concepts), risk assessment, mitigation planning, and third‑party risk management.
Basic conceptual understanding of cloud/SaaS shared responsibility models.
Ability to communicate technical issues in business‑aligned language.
Hands-on experience with security controls – an advantage.
Strong writing, communication, and facilitation skills.
Comfortable collaborating with internal stakeholders and external customers.
About us
Cye helps security and risk leaders gain a clear, defensible view of their cyber exposure, grounded in financial impact and real-world attack paths. By continuously quantifying exposure and validating it in context, organizations can establish a strong baseline, prioritize decisions with confidence, and track measurable reduction over time.
Cye provides security and risk leaders with a clear and defensible perspective on their cyber exposure, linking it to financial implications and real-world attack scenarios. By continuously quantifying risks and validating findings within their context, organizations can create a strong baseline, confidently prioritize their security decisions, and measure their progress over time.
Architect