Security Engineer (GRC)

About The Position

Requirements

• 6+ years of relevant experience in risk-based technology compliance management programs, or security experience
• Experience performing and automating control validation across infrastructure (AWS/GCP), SaaS, and internal applications.
• Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues: understanding how to balance the company's risk appetite to compliance needs/requirements
• Familiarity with SOC 2, ISO 27001, and TISAX frameworks, and the ability to interpret them in technical terms (e.g., IAM, logging, encryption, CI/CD controls)

Nice To Haves

• Certifications such as CISA, CRISC, CISSP

Responsibilities

• Facilitate risk assessments and control reviews to accommodate new business areas as well as changes in processes
• Engineer and automate security controls across infrastructure, cloud, and SaaS systems to strengthen our control environment and streamline evidence collection
• Conduct risk assessments against products, features, datasets, applications, and Third Party Risk Management (TPRM)
• Work across teams to evaluate and strengthen the organization’s technical and operational control environment through comprehensive control assessments and architectural security reviews
• Validate security configurations (IAM, encryption, network segmentation, patching) against compliance and internal baselines.
• Ensure organizational compliance with SOC2, ISO27001, TISAX, Data Privacy, federal, state, and local government compliance, or similar regulations

Benefits

• equity in the form of options and/or restricted stock units
• comprehensive health, dental, vision, life and disability insurance coverage
• 401k retirement benefits with employer match
• learning and wellness stipends
• paid time off