
Principal Security Engineer - GRC

GoDaddy

United States · Remote · IT Ops · 6+ yrs

About the role

Location Details: United States - Remote

At GoDaddy the future of work looks different for each team. Some teams work in the office full-time, others have a hybrid arrangement (they work remotely some days and in the office some days) and some work entirely remotely.

This is a remote position, so you’ll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or meetings.

This position is not eligible to be performed in Alaska, Mississippi, North Dakota, or the Virgin Islands.

GoDaddy is not currently considering candidates for this role in California, Seattle, or NYC.

Join our team

The Governance, Risk, and Compliance team helps GoDaddy identify, assess, and address security risk across the business. We lead regulatory and compliance audits, manage risk acceptances and exception workflows, support third-party risk activities, and define security standards and policies that guide teams across the company. This role is a strong fit for someone who wants to build a durable audit and controls program from the ground up, influence security strategy, and work directly with senior leaders on risk-based decision-making. The ideal candidate will gain the opportunity to shape a long-term security governance initiative, partner broadly across engineering and security teams, and drive meaningful improvements in how GoDaddy manages risk and audit readiness.

What you'll get to do...

Build and manage a unified security controls framework that supports regulatory and industry compliance requirements

Perform targeted gap assessments across business units, with an initial focus on hosting environments and audit readiness

Partner with engineering, product, legal, and other security teams to identify control gaps, evaluate compensating controls, and reduce risk

Support internal and external audits across frameworks such as PCI DSS, SOC 2, ISO 27001, and other applicable regulations

Develop reporting and present security risks, audit status, and remediation priorities to senior leadership, including the Chief Information Security Officer

Drive scalable risk-based processes for exception management, risk acceptance workflows, and broader governance initiatives

Your experience should include...

10+ years of professional experience in information security, information technology, information technology audit, or related fields

6+ years of professional experience managing information security programs, audits, or formal assessment activities

Experience building unified security controls frameworks across multiple compliance and regulatory standards

Experience managing or performing audits using frameworks such as PCI DSS, NIST Cybersecurity Framework, NIST SP 800-53, ISO 27001, and SOC 2

Experience assessing cloud environments such as AWS and applying core security engineering concepts such as threat modeling, architecture reviews, access management, and encryption

Experience prese
