GRC Engineer

Method Financial•Washington, DC

4d•$125,000 - $160,000

About The Position

We're hiring a GRC Engineer to help build and operationalize Method's Security and Compliance function. You'll play a critical role in enabling trust for our customers by designing, implementing, and maintaining compliance programs for a modern financial platform used across a wide range of regulated industries. This is a hands-on role with broad ownership and real impact. You'll own the day-to-day governance, risk, and compliance operations — maintaining audit readiness, responding to enterprise security reviews with confidence, and scaling our compliance footprint as the business grows. That means understanding applicable frameworks, translating requirements into practical and scalable controls, and partnering across the company to embed compliance into our products, systems, and operations. You'll work closely with Engineering, Finance, Legal, and Go-to-Market teams to ensure our security controls are not only documented but operationalized. You'll have the opportunity to apply your expertise directly, influence technical and business decisions, and grow alongside a fast-moving organization as our compliance and security programs continue to evolve.

Requirements

3–5+ years of experience in IT Audit, Governance, Risk & Compliance, and/or Information Security, ideally in a startup or growth-stage environment.
Direct experience with SOC 2; PCI-DSS experience strongly preferred.
Comfortable working directly with auditors, managing audit timelines, and driving evidence collection across teams.
Strong understanding of cloud infrastructure (AWS), identity systems (Okta), and SaaS environments.
Able to understand and explain data flows, APIs, and infrastructure controls to both technical and non-technical audiences.
Experience with GRC platforms, security questionnaire tools, or compliance automation tooling is a plus.
Highly organized and process-oriented, with strong written communication skills.
Low ego, collaborative, and pragmatic — someone teammates genuinely want to work with.

Nice To Haves

Hands-on coding or scripting experience (e.g., automation, tooling, or security-related development).
Experience building or scaling a GRC program from the ground up.
Security industry qualification (CISSP, CISM, CISA, or similar).
Cloud-specific certifications (CCSP, AWS Certified Security Specialty, CCSK, etc.).

Responsibilities

Partner cross-functionally to design, implement, and maintain compliance programs, including SOC 2, PCI-DSS, and others as needed.
Own and maintain the compliance platform (Drata), including control mapping, evidence collection, continuous monitoring, and audit workflows.
Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks.
Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion.
Build and maintain vendor risk management processes, including onboarding evaluations, annual reviews, risk scoring, and data sensitivity assessments.
Partner with Finance and Legal to implement structured vendor and customer risk profiling programs.
Partner with Security, IT, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements, including hands-on testing.
Support Go-To-Market teams with customer security questionnaires, audits, and compliance packaging for sales cycles.
Conduct periodic user access reviews and assist with access governance and RBAC validation.
Develop and maintain compliance reporting, metrics, and executive-ready summaries.
Identify process gaps and implement scalable governance improvements, including automation and tooling to scale with the business.
Oversee security awareness training and compliance education initiatives.
Participate in incident response activities, providing risk analysis and remediation support as needed.