Governance, Risk, and Compliance Engineer

About The Position

Requirements

• 7+ years of experience in IT Audit, Governance, Risk & Compliance, and/or Information Security.
• Bachelor’s degree in Computer Science, Information Technology, Information Systems Management, or equivalent practical experience.
• One or more relevant certifications such as CISA, PCI-P, CIPP, or equivalent.
• Strong working knowledge of major security and privacy frameworks, with hands-on experience interpreting and implementing controls in a cloud-based environment.
• Demonstrated experience using and administering GRC and security tooling.
• Excellent written and verbal communication skills, with the ability to collaborate effectively across technical and non-technical teams.
• Strong problem-solving mindset with the ability to balance risk, business needs, and scalability.
• Comfortable operating in a fast-paced, high-growth environment and acting as a trusted partner to the business.
• High level of ownership, accountability, and attention to detail.
• Ability to learn quickly, adapt to change, and take on additional responsibilities as needed.

Nice To Haves

• Experience with database technologies or data-intensive platforms.
• Hands-on coding or scripting experience (e.g., automation, tooling, or security-related development).
• Experience building or scaling GRC programs in a startup or high-growth SaaS environment.

Responsibilities

• Partner cross-functionally to design, implement, and maintain compliance programs, including SOC 2, ISO 27001 / 27701, PCI-DSS, HIPAA, GDPR, FedRAMP, and others as needed.
• Collaborate closely with Engineering to review and validate compliance-relevant product and infrastructure changes, including hands-on testing and documentation development.
• Execute ongoing compliance operations, including: Employee security onboarding and training Third-party/vendor risk assessments Customer security questionnaires and audits Quarterly access reviews, ASV scans, and risk assessment refreshes
• Support and enhance access governance programs in partnership with Operations, including Okta and ConductorOne onboarding, configuration, and reviews.
• Work with Marketing, Privacy and Legal to support privacy tooling, data protection initiatives, and regulatory requirements.
• Coordinate with the Security team to maintain and improve corporate security tooling, controls, and operational processes.
• Contribute to continuous improvement of GRC processes, automation, and tooling to scale with the business.

Benefits

• Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in 20 countries.
• Healthcare - Employer contributions towards your healthcare.
• Equity in the company - Every new team member who joins our company receives stock options.
• Time off - Flexible time off in the US, generous entitlement in other countries.
• A $500 Home office setup if you’re a remote employee.
• Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites.