GRC Specialist

About The Position

Requirements

• 3+ years of experience in a technical compliance role, IT internal audit, or GRC environment, ideally within an enterprise SaaS platform.
• Experience building workflow automations using industry standard platforms (e.g., Workato, Claude, or native GRC platform automation engines).
• Hands-on experience reviewing or auditing cloud environments (Cloud infrastructure, IAM, and native logging systems) and AI programs.
• A bachelor’s degree or equivalent related working experience is required.
• Passionate about automation and efficiency, with a strong interest in leveraging AI and orchestration tools to optimize risk practices.
• Knowledgeable about information security fundamentals, cloud compliance principles, and the core mechanics of continuous control monitoring.
• Familiar with performing control testing or supporting technology audits, with some exposure to cloud environments (AWS/GCP/Azure) and enterprise ecosystems.
• Familiar with common control frameworks, specifically ISO 27001, ISO 42001, NIST AI, SOC 2, gained through direct support of an audit or compliance program.
• Ability to translate manual compliance workflows into structured logic and discuss technical automation requirements clearly with stakeholders.
• Strong problem-solving and analytical skills to proactively identify repeatable day-to-day bottlenecks and design automated, sustainable solutions.

Nice To Haves

• One or more current qualifications is nice-to-have: CISA, CRISC, CISSP, CIA, CPA, or relevant cloud/automation certifications (e.g., Azure, AWS, GCP, Workato).
• Familiarity with AIUC-1 is nice to have.

Responsibilities

• Collaborating with the GRC and Internal Audit teams to architect and deploy AI agentic capabilities, such as multi-step Claude workflows, Workato recipes, and autonomous control monitoring processes in order to eliminate repeatable manual GRC overhead and streamline evidence validation.
• Engineering continuous control monitoring pipelines and real-time control checks for our key security frameworks in order to shift Collibra from point-in-time sampling to an always-audit-ready risk posture.
• Supporting the technical GRC infrastructure integration of new cloud environments into our control framework starting in Q3.
• Facilitating automated governance guardrails and continuous monitoring systems for our expanding portfolio (i.e. AIUC-1) in order to maintain ongoing compliance.
• Partnering closely with Internal Audit and GRC colleagues to evaluate manual processes and controls and leverage orchestration and automation platforms in order to maximize the strategic efficiency and impact of our risk mitigation practices.
• Helping design automated key risk indicator (KRI) and key performance indicator (KPI) reporting to senior management.
• Administering the day-to-day functions of Collibra’s GRC platforms and tools (i.e. Optro) to maintain a reliable source of truth.

Benefits

• equity ownership at every level
• bonus potential
• a Flex Fund monthly stipend
• pension/401k plans
• competitive compensation
• health coverage
• time off