Cybersecurity Architect (GRC & Risk)

Cye is seeking a Cybersecurity Architect (GRC & Risk) to join our cybersecurity architecture team. In this role, you will lead security governance, risk, and control assessments, conduct third-party due diligence, support maturity assessments, and drive mitigation and architectural review processes. You’ll work closely with CISOs, security leaders, engineering teams, and customers to develop risk-focused methodologies and improve security frameworks. This position is best suited for candidates with a technical GRC, risk, or security assessment background who excel in analysis, interpretation, and structuring of security information.

Responsibilities

• Lead customer third ‑ party security due diligence assessments. - Lead mitigation workshops to translate penetration test and assessment findings into prioritized remediation workplans. - Perform security maturity assessments, including reviews of organizational policies, standards, procedures, and governance practices, aligned with the NIST CSF 2.0 cybersecurity framework. - Develop and refine security methodologies, processes, and architectural guidance. - Maintain internal documentation and ensure alignment between frameworks, processes, and practical implementation. - Analyze technical findings and map them to governance, risk, and control gaps. - Produce clear, structured reports and executive ‑ ready summaries for technical and non ‑ technical audiences.

Qualifications

• 3-4 years in cybersecurity GRC, IT risk, compliance, audit/assurance, or related process ‑ oriented security roles. - Strong understanding of governance, risk management, and operational processes. - Familiarity with cybersecurity frameworks (NIST CSF, ISO 27001 concepts), risk assessment, mitigation planning, and third ‑ party risk management. - Basic conceptual understanding of cloud/SaaS shared responsibility models. - Ability to communicate technical issues in business ‑ aligned language. - Hands-on experience with security controls – an advantage. - Strong writing, communication, and facilitation skills. - Comfortable collaborating with internal stakeholders and external customers.

About us

Cye helps security and risk leaders gain a clear, defensible view of their cyber exposure, grounded in financial impact and real-world attack paths. By continuously quantifying exposure and validating it in context, organizations can establish a strong baseline, prioritize decisions with confidence, and track measurable reduction over time.