GRC Engineer

About Nintendo of America: From the launch of the Nintendo Entertainment System™ more than 30 years ago, Nintendo’s mission has been to create smiles through unique entertainment experiences. Here at Nintendo of America Inc., we deliver on this mission by partnering closely with Nintendo Co., Ltd., to bring Nintendo’s iconic and cherished franchises including Mario™, Donkey Kong™, The Legend of Zelda™, Metroid™, Animal Crossing™, Pikmin™ and Splatoon™ across the Americas through our video games, hardware systems, and collaborations with partners on a range of other entertainment initiatives like feature films and theme parks.

Based in Redmond, Wash., Nintendo of America serves as headquarters for Nintendo’s operations in the Americas. We are an equal opportunity employer offering a welcoming and inclusive environment in service to one another, our products, and the diverse consumers and communities we call home. For more information about Nintendo, please visit the company’s website at https://www.nintendo.com/. 

Job Summary: This role is within Nintendo of America (NOA)’s IT Security department. We are hiring a GRC Engineer to help modernize how Governance, Risk, and Compliance (GRC) operates across the organization. This role is focused on reducing compliance burden, improving scalability, and enabling sustainable compliance through thoughtful use of automation, tooling, and sound engineering judgment.

This is an early-to-mid career role designed for someone with a solid foundation in cybersecurity risk and compliance who is ready to grow into a more technical, systems-oriented GRC career path. The GRC Engineer will work hands-on with both GRC processes and technical solutions, learning how to design workflows that scale while continuing to build depth in regulatory interpretation, risk management, and business partnership. This role is accountable for how GRC work gets done, not just for completing GRC tasks. Routine compliance activities are expected to become increasingly automated; this role focuses on designing, improving, and governing those workflows to make compliance more reliable and less disruptive to the business.

Description of Duties:

• Conduct cybersecurity risk assessments, including third-party/vendor risk evaluations (TPRM), with an emphasis on consistency, repeatability, and scalability
• Identify, analyze, and document security risks, threats, and vulnerabilities
• Support the development and maintenance of risk registers and risk treatment plans
• Assist in ensuring compliance with applicable regulations, standards, and frameworks (e.g., NIST CSF, PCI DSS, J-SOX, etc.)
• Contribute to the development, review, and maintenance of information security policies, standards, and procedures
• Support internal and external audits, including evidence collection and remediation tracking
• Monitor and report on compliance posture, control effectiveness, and risk metrics
• Help design, build, and maintain automation and tooling that reduces manual GRC effort and improves reliability
• Apply the most appropriate technical approach—custom scripts, low-code/no-code platforms, workflow automation, or AI-assisted techniques—based on problem complexity and process maturity
• Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud platforms) to support compliance by design
• Contribute to scalable approaches for evidence collection, control testing, risk tracking, and reporting
• Identify opportunities to reduce GRC toil and compliance friction for both the business and the security team
• Treat GRC capabilities as internal products, iteratively improving workflows, usability, and sustainability over time
• Partner with IT, engineering, legal, privacy, and business teams to support effective and practical security control implementation
• Translate regulatory and framework requirements into clear, implementable expectations
• Provide guidance and support to stakeholders to help them meet compliance requirements with minimal disruption
• Maintain awareness of emerging threats, regulatory changes, and industry best practices

Summary of Requirements:

• Minimum of four (4) years of related experience in security development technologies and practices.
• Professional experience with an architectural understanding of network security and application security.
• Experience with work on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
• Strong knowledge of networking concepts, protocols (TCP/IP, HTTP, DNS, TLS) and technologies including firewalls, TLS, IDS/IPS system, cryptographic systems, identity management systems, RADIUS, etc.
• Experience with programming/scripting (Python/Perl/bash/etc.).
• Strong understanding of networking topologies and protocols.
• Experience working in multiple security domains with a focus on risk-based analysis of anomalies, detection and response.
• Proven experience with work on complex security issues where analysis of situations or data requires an in-depth evaluation of variable factors.
• Undergraduate degree in Computer Science, a related field, or equivalent.

Applicants must be legally eligible to work in the United States to be considered. Visa sponsorship is not available for this role.

This position is HYBRID in Redmond, WA. Hybrid positions require regular onsite work following the schedule and guidelines for their division. This position is not open to fully remote status at this time. Relocation assistance may be available.