GRC Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Engineering, or related field (or equivalent experience)
• 3–6+ years in security engineering, GRC, GRC engineering, or cloud security roles
• Strong experience with scripting/programming (Python, Go, or similar)
• Hands-on experience with cloud platforms (AWS, Azure, or GCP)
• Familiarity with Infrastructure as Code (Terraform, CloudFormation, etc.)
• Deep understanding of security controls and how they map to compliance frameworks
• Experience integrating APIs and building automation pipelines

Nice To Haves

• Experience with policy-as-code tools
• Experience with GRC automation platforms
• Familiarity with SIEM, SOAR, and security telemetry systems
• Experience building internal tools or platforms for compliance and risk management
• Certifications such as CISSP, CISM, CRISC, or cloud security certifications

Responsibilities

• Conduct third-party risk assessments (TPRM), including vendor reviews, security questionnaires, and risk evaluations
• Maintain and update security policies, standards, and procedures
• Support compliance initiatives across frameworks (SOC 2, ISO 27001, HIPAA, NIST, etc.)
• Perform internal risk assessments, control testing, and gap analyses
• Identify manual, repetitive GRC processes and design automated solutions
• Build and maintain automated evidence collection (via APIs, scripts, and integrations)
• Implement continuous control monitoring (CCM) to replace point-in-time audits
• Translate compliance requirements into technical controls and system configurations
• Validate control effectiveness through automated testing and monitoring
• Enable real-time or near-real-time risk visibility through dashboards and reporting systems
• Work with Security Engineering to continuously audit configurations and remediate drift programmatically
• Build scalable workflows for vendor risk assessments, re-assessments and tracking
• Integrate vendor data into centralized risk systems
• Automate intake, review, and monitoring processes for third-party security posture
• Develop self-service audit evidence systems and dashboards
• Partner with auditors to provide API-driven or system-generated evidence

Benefits

• Competitive salary - $100,000-$140,000
• Employer sponsored health, dental, vision, life, and disability insurance
• Retirement plan with company contribution
• Annual company profit sharing
• Personal development/training budget
• Open, collaborative work environment
• Extensive 2-week onboarding plan
• Comprehensive mentorship program