Principal, GRC Automation and Cyber Risk
$167.2k - $250.8kF5
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive. The Principal, GRC Automation & Cyber Risk Quantification is a senior engineering and strategic leadership role responsible for designing, implementing, and scaling automated, data-driven cyber risk and GRC capabilities across the enterprise. This role blends deep cyber risk management expertise with hands‑on software engineering , GRC platform architecture, workflow automation, API development and systems integration , and emerging AI-enabled and Agentic capabilities to modernize how the organization manages risk, compliance, and governance at scale. Reporting to the VP, Cyber Governance, Risk & Compliance, this role serves as a force multiplier for the GRC organization, translating complex regulatory and risk frameworks into automated controls, continuous monitoring workflows, decision‑ready dashboards, and audit‑ready evidence. The principal is expected to write, review, and own production‑quality code and partner closely with ERM, Engineering, IT, Legal, Privacy, Internal Audit, and Digital teams to embed risk intelligence directly into business and technology processes. Key Objectives Shift GRC from manual, point‑in‑time assessments to continuous, automated, and risk‑informed execution by leveraging purpose‑built engineering solutions, Python‑based tooling, and Agentic workflows. Enable executive and board‑ready cyber risk insights grounded in quantitative and business‑relevant data, supported by automated data pipelines and integrations. Standardize and automate control mapping, testing, evidence collection, and risk reporting across frameworks and regulators through scalable API‑driven architectures. Act as the technical and architectural authority for ServiceNow IRM and adjacent GRC automation capabilities, including custom‑developed integrations and Agentic automation agents. Primary Responsibilities GRC Automation & Platform Architecture Design, build, and evolve end‑to‑end GRC automation across risk, compliance, policy, and issue management domains — including writing and maintaining Python‑based automation scripts, services, and tools. Integrate GRC workflows with source systems (cloud platforms, vulnerability tools, IAM, SDLC, third‑party systems) via RESTful APIs, webhooks, and event‑driven integration patterns to reduce manual effort and improve data quality. Architect and maintain a systems integration layer connecting GRC platforms to enterprise data sources, enabling real‑time risk signal ingestion and automated control validation. Cyber Risk Quantification & Decision Enablement Partner with Cyber Risk leadership to operationalize quantitative and scenario‑based risk analysis (e.g., FAIR‑aligned methods). Engineer automated pipelines for ingesting threat, vulnerability, asset, and business context data to support risk‑based prioritization, leveraging Python data processing libraries (pandas, NumPy), integration APIs, and Agentic workflows. Enable financially grounded cyber risk outputs that inform: Risk acceptance and investment decisions Executive and board‑level reporting Program prioritization and roadmap planning Compliance Automation & Continuous Monitoring Translate regulatory and framework requirements into automated, testable, and traceable controls, implementing these as code‑driven workflows and API‑integrated monitoring checks. Implement continuous control monitoring and evidence refresh to support ISO, SOX, SOC, and regulatory audits, using automated evidence collection scripts and scheduled integrations. Reduce audit fatigue by standardizing artifacts, workflows, and control narratives across compliance programs. Partner with Internal Audit and external auditors to improve transparency, timeliness, and defensibility of GRC outputs. AI‑Enabled GRC & Agentic Development Design, build, and deploy Agentic automation solutions — autonomous AI‑driven agents capable of reasoning across GRC data, identifying risks, triggering workflows, and recommending actions with minimal human intervention. Identify and pilot AI‑assisted capabilities to accelerate GRC outcomes, such as: Control mapping and gap analysis Risk scenario generation and prioritization Policy‑to‑control alignment and impact analysis Agentic issue triage, intelligent remediation recommendations, and autonomous evidence collection Develop and integrate LLM‑based or agent‑framework tooling (e.g., LangChain, AutoGen, or comparable frameworks) into GRC workflows. Ensure all AI‑enabled and Agentic GRC use cases align with internal security, privacy, and governance standards. API and Systems Integration Design, develop, and maintain RESTful and GraphQL APIs that expose GRC data and capabilities to downstream consumers including dashboards, reporting tools, and integrated enterprise systems. Own the end‑to‑end systems integration architecture connecting GRC platforms to security tools, cloud environments, HR systems, asset management, and third‑party risk platforms. Establish and enforce API governance standards, including versioning, authentication, documentation (OpenAPI/Swagger), and rate management. Build and maintain integration middleware, ETL pipelines, and event‑driven connectors to ensure consistent, reliable data flows across GRC systems. Stakeholder Partnership & Influence Serve as a trusted advisor to security, IT, engineering, and business leaders on risk‑based automation, control design, and engineering best practices for GRC tooling. Influence teams to embed GRC requirements directly into SDLC, cloud, procurement, and third‑party workflows. Translate technical implementations — including architecture diagrams, API designs, and automation logic — into clear, executive‑ready narratives for leadership consumption. Knowledge, Skills & Abilities Knowledge Deep understanding of cyber risk management and GRC frameworks (NIST CSF, NIST 800‑53/171, ISO 27001, SOC 2, SOX). Strong grasp of enterprise risk management (ERM) concepts and alignment. Working knowledge of quantitative cyber risk analysis (FAIR or similar approaches). Familiarity with audit, regulatory, and certification processes. Understanding of software engineering principles, API design patterns, and systems integration methodologies. Knowledge of Agentic AI frameworks and multi‑agent system design principles. Skills Expertise designing and automating workflows within ServiceNow IRM or comparable GRC platforms. Proficient Python developer — able to write clean, maintainable, production‑ready code for automation scripts, data pipelines, API clients, and Agentic workflows. Experienced in API development and integration — designing and consuming REST APIs, managing authentication (OAuth, API keys), and building integration layers. Demonstrated systems integration experience — connecting heterogeneous enterprise systems through APIs, webhooks, message queues, or ETL frameworks. Hands‑on experience with Agentic development — building autonomous AI agents using frameworks. Ability to translate abstract frameworks into practical, automated, and scalable implementations. Strong systems thinking, connecting people, process, technology, and data. Excellent written and verbal communication skills, including executive‑level storytelling. Abilities Operate comfortably at both strategic and hands‑on engineering levels. Influence without authority in a highly matrixed environment. Drive change from legacy/manual processes to modern, code‑driven automated execution. Independently scope, build, and ship engineering solutions with minimal oversight. Qualifications Required Qualifications Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, Risk Management, or related field. 10+ years of experience across cybersecurity, risk management, GRC, or security architecture roles — with at least 3–5 years in a hands‑on engineering or software development capacity. Demonstrated Python programming proficiency applied to automation, data processing, tooling, or security use cases. Proven API development and integration experience, including designing, building, and consuming APIs in enterprise environments. Demonstrated systems integration experience, connecting GRC, security, cloud, or enterprise systems at scale. Demonstrated experience automating or scaling GRC, risk, or compliance programs using enterprise platforms. Strong experience partnering with cross‑functional technical and business teams. Preferred Qualifications Master's degree in a related field. Experience with FAIR or quantitative risk methods. Hands‑on experience with Agentic AI development — building and deploying autonomous agents for task automation, decision support, or workflow orchestration. Familiarity with LLM orchestration frameworks (LangChain, LangGraph, AutoGen, CrewAI, or similar). Experience with Python data and automation libraries (pandas, NumPy, FastAPI, Celery, Airflow, etc.). Experience with API gateway tooling, integration platforms (e.g., MuleSoft, Boomi, Workato), or message broker systems (Kafka, RabbitMQ). Hands‑on experience with AI, data analytics, or workflow automation applied to GRC use cases. Professional certifications (CISSP, CISM, CRISC, Open FAIR). Why This Role Matters This role is foundational to advancing the organization’s GRC maturity by reducing friction, increasing signal, and enabling leadership to make faster, better‑informed risk decisions. It is a highly visible engineering leadership position with direct impact on executive confidence, audit outcomes, and enterprise risk posture. The ideal candidate is equally comfortable writing Python code and building Agentic workflows as they are presenting risk insights to a board of directors — a rare blend of engineering depth and strategic influence that will define the next generation of GRC capability. The annual base pay for this position is $167,200.00 - $250,800.00. F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change. You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: F5 reserves the right to change or terminate any benefit plan without notice. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com). It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting View email address on click.appcast.io. #J-18808-Ljbffr F5
- F5 is on the lookout for a Principal, GRC Automation & Cyber Risk Quantification to lead the design and implementation of automated cyber risk management solutions. This senior role requires deep expertise in cyber risk management and software engineering, focusing on...CyberPrincipalRisk
- ...to act as a technical leader within the Cyber Risk and Compliance Team. The position focuses... ...governance, driving initiatives for automated compliance monitoring, and resolving complex... ...extensive experience in IT operations, GRC frameworks, and a strategic mindset for...CyberRisk
$129k - $198k
...leader and strategic driver within our Cyber Risk and Compliance Team. This is a high‑impact... ...Governance, Risk, and Compliance (GRC) expertise and the leadership capability... ...from manual, point‑in‑time compliance to automated, continuous compliance monitoring across...CyberRisk$119k - $193k
...research and deliver strategic advice for risk management leaders and their teams. The ideal... ...methods; deep knowledge and expertise in cyber risk quantification; and deep experience... ...management, internal or external audit, and GRC platforms is strongly desired. The...CyberRiskFor contractors$124.9k - $229.1k
...help to build a better working world. Risk Consulting – Risk Technology – GRC/IRM Platforms – Manager The risk... ...economic changes, regulatory reforms, and cyber threats. Organizations are... ...technology to simplify governance, automate compliance, and deliver forward‑looking...CyberRiskSummer holidayWork at officeFlexible hours$221k - $365k
.... The Senior Director of Governance, Risk, and Compliance (GRC) plays a critical role in protecting... ...guide enterprise risk assessments across cyber, IT, third‑party, and operational... ...optimize GRC tools and platforms, advancing automation and scalable risk and compliance...CyberRisk$128.7k - $181.5k
...Description The Senior Cybersecurity Third‑Party Risk Analyst will perform advanced technical assessments of third‑party cyber risk and design automation and process improvements using... ...routines, and integration points with TPRM/GRC platforms (Aravo, ServiceNow GRC, RSA...CyberRiskPermanent employmentWork experience placementLive inImmediate startRelocationVisa sponsorshipWork visaRelocation packageShift workDay shift- Salesforce is seeking a Manager of Governance, Risk and Compliance Security Automation to lead the design, deployment, and scaling of automation within... ...execution with automated solutions. You will bring 8+ years in GRC/Cybersecurity or software engineering, with 3+ years...Risk
- Boeing is seeking a Senior Cybersecurity Third-Party Risk Analyst to perform advanced assessments of vendor cyber risk and to design automation across the assessment lifecycle. You will validate technical evidence, map controls to contracts, and guide remediation with...CyberRisk
$148.5k - $223.9k
...inc. in Bellevue is looking for a Manager of Governance, Risk and Compliance Security Automation. This role involves leading the design and deployment of... ...candidates will have at least 8 years of experience in GRC or Cybersecurity, and proficiency in backend programming...Risk$156.8k - $219.52k
...passionate and accomplished team of Cyber Security experts, you will... ...but are not limited to: Automate compliance workflows including... ...continuous monitoring tasks. Create GRC dashboards that integrate data... ...GRC solutions. Support risk assessments to identify potential...CyberRiskPermanent employmentTemporary workLocal area- ...Analyst in Seattle, WA, to provide strategic advice and conduct research for risk management leaders. Candidates should possess strong knowledge of risk management practices and expertise in cyber risk quantification, along with superior presentation and analytical skills...CyberRisk
- ...directly to the CISO and drive the global cyber architecture for the organization. This... ...identifying opportunities to modernize, automate, and integrate security capabilities across... ...roadmaps that balance business priorities, risk tolerance, and regulatory expectations....CyberPrincipalRiskFull time
- ...directly to the CISO, and will act as the principal technical authority on cybersecurity... ...design practices, technology modernization, automation, and adoption of emerging security... ...architectures that balance innovation, agility, and risk management. The successful candidate...CyberRiskVisa sponsorship
$215.07k - $220.07k
...T-Mobile USA, Inc. seeks Principal Program Manager in Bellevue, WA to own and manage fraud... ...cross-functional execution across IT, Risk, Cyber, Internal Audit, Compliance, Retail Op,... ...services for AI driven controls, automated transaction monitoring, and machine learning...CyberPrincipalRiskFor contractorsWork experience placementRemote work3 days per week$200k - $250k
...three distinct practice areas: healthcare, cyber, and national security. United by a... ...AI without the associated complexity and risks. We are an end‑to‑end solution for deploying... ...have an exciting opportunity for you as a Principal Backend Software Engineer at Trase Systems...CyberPrincipalRiskRemote work- ## Principal Enterprise Risk ManagerApplyremote type: Hybridlocations: Seattletime type: Full timeposted... ...risks, SaaS & Managed service, Cyber, Resiliency & Tech ops, Customer Service... ...control design, documentation, and automation opportunities during process mapping....CyberPrincipalRisk
$143.3k - $238.8k
...focus on business outcomes with embedded cyber resiliency and AI to protect today and enable... ...of the Cox family of companies. The Principal Client Partner is responsible for managing... ...Monitor account health, identify risks, and support mitigation strategies Maintain...CyberPrincipalRiskFlexible hours$153.6k - $192k
...spend effortlessly. the company’s AI-native automation and world-class service eliminate manual... ...What you’ll do the company’s Governance, Risk, and Compliance function is at an... ...expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC...RiskWork at officeImmediate startRemote workWork from home$115k - $250k
Cloud - Principal Technical Product Manager - (Seattle, WA) Seattle, Washington, United States... ...solutions, proactively guard against cyber threats, and leverage machine learning alongside... ...solutions in Artificial Intelligence, risk management, big data, mobile and more....CyberPrincipalRisk$205k - $235k
...value enhancement, as well as advise on risk mitigation and the successful change of operations... ...Infrastructure and cloud architecture Cyber and IAM architecture Digital Technology... ....e., advanced analytics, robotic process automation, virtual reality) Cloud SaaS or PaaS (...CyberRiskContract workWork experience placementSummer holidayWork at officeFlexible hoursNight shift$180k - $288k
...Visa’s Cyber Security team is seeking a Cloud Security Architecture with an automation‑first mindset to design, build, and operate large‑scale, cloud‑native and AI‑driven... ...handling, prompt safety, access controls, and model risk considerations. Cloud Security & Automation...CyberRiskPart timeWork experience placementWork at officeLocal areaRemote work$120k - $175k
...Technology Cyber Security Architect Cooley is seeking a Cyber Security Architect to... ...AI integrations Identify and mitigate risks related to AI systems, such as data leakage... ...emerging technologies, including AI and automation platforms Extensive knowledge and understanding...CyberRiskFull timeTemporary workWork at officeFlexible hoursWeekend work$157.3k - $212.9k
...coaching. About the Role We are seeking a Principal Engineer to serve as a senior technical authority on enterprise robotic process automation (RPA) and help lead the architectural... ...technical concepts, architectural decisions, risks, and recommendations to audiences...PrincipalRiskWork experience placementLocal area$177k - $239.4k
Overview As a Principal Technical Program Manager on the core team, you will define and frame ambiguous, undefined... ...integration. Proactively identify and mitigate risks related to both traditional systems and automation deployments, including model drift, data quality,...PrincipalRiskFlexible hours$168k - $244k
...and reduce the overall impact of business risk before, during, and after an incident.... ...Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident... ...cloud (GCP) and on-premise environments. Automate forensic tasks and build team utility...CyberPrincipalRiskTemporary workWork at officeRemote work- ...and security measures to protect against cyber threats and ensure compliance with industry... ...aligned to business outcomes, risk tolerance, and reference architectures Monitor... ...maintenance activities Develop and maintain automation using Python and Ansible (and related tooling...CyberRiskWork experience placement
$76.33 - $82 per hour
...support the Enterprise Compliance organization. This role will focus on implementing and integrating a risk assessment AI tool within the Governance, Risk, and Compliance (GRC) ecosystem. With 7+ years of experience, you'll work with multiple stakeholders and manage project...RiskHourly pay$90k - $100k
...Cybersecurity Analyst to advance our Human Cyber Risk Management program while supporting... ...exposure to both security awareness and GRC functions Demonstrated experience running... ...privileged principles Familiarity with automation and scripting to support security and risk...CyberRiskVisa sponsorship$221k - $365k
A prominent retail company in Seattle seeks a Senior Director of Governance, Risk, and Compliance to lead the development of a modern, enterprise-wide GRC function. This role requires extensive experience in governance, risk, and compliance, particularly in regulated environments...Risk
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Principal, GRC Automation and Cyber Risk. Be the first to apply!
- principal designer Seattle, WA
- principal architect Seattle, WA
- principal data scientist Seattle, WA
- senior principal cloud computing engineer Seattle, WA
- principal cloud computing engineer Seattle, WA
- senior principal scientist Seattle, WA
- principal Seattle, WA
- cyber Seattle, WA
- antepartum high risk ob nurse Seattle, WA
- risk Seattle, WA

