Information Security Engineer, GRC

XBOW

6d•Remote

About The Position

We’re looking for a detail-oriented, Governance, Risk & Compliance Analyst to help scale our security and trust function as we grow. In this role, you’ll play a key part in supporting customer and prospect security reviews, assessing third-party vendor risk, and continuously improving how we identify and manage risk across the business. This is an individual contributor role with no initial people-management responsibilities. However, as the risk and compliance function matures, there is a clear opportunity for this role to grow in scope and responsibility. You’ll work closely with Security, Engineering, Legal, Sales, and Customer teams, acting as a trusted partner in communicating our security posture and ensuring we meet customer and regulatory expectations.

Requirements

3–5+ years of experience in risk, compliance, security assurance, or related roles
Hands-on experience completing or reviewing technical security questionnaires and customer risk assessments
Familiarity and experience with common security and compliance frameworks (e.g. SOC 2, ISO 27001, NIST, FedRAMP)
Comfortable assessing technical controls and working with engineers to understand system architecture
Experience conducting or supporting vendor / third-party risk assessments
Strong written communication skills, with the ability to explain complex security concepts clearly
Highly organized and detail-oriented, with a pragmatic approach to risk
Comfortable working in a fast-moving, remote-first startup environment

Nice To Haves

Experience working in a SaaS or security-focused company
Security or risk certifications (e.g. CRISC, SOC2, ISO 27001 Lead Implementer, FedRAMP)
Experience supporting a company through audit readiness or first-time compliance efforts

Responsibilities

Support customers and prospects by completing technical security questionnaires, risk assessments, and due-diligence requests
Partner with Sales and Customer teams to explain XBOW’s security controls, architecture, and compliance posture
Assess and manage third-party and vendor security risk, including reviews of SaaS providers and service partners
Help maintain and improve risk assessment frameworks, methodologies, and documentation
Track and support remediation of identified risks in collaboration with internal stakeholders
Contribute to compliance initiatives aligned with frameworks such as SOC 2 and ISO 27001
Maintain clear, well-structured risk registers, policies, and supporting evidence
Coordinate risk management sessions and processes
Identify opportunities to streamline and automate risk and compliance processes as the company scales
Support audits, customer reviews, and internal assurance activities as needed

Benefits

Compensation & Equity: Competitive salary and meaningful stock options.
Growth: Opportunity to learn from and collaborate with top security and AI experts
Impact: Work on complex technical challenges that support the foundation of our company
Remote-First:Work from anywhere, with regular opportunities to meet in person

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume