Security GRC Specialist
About The Position
Profound is on a mission to help companies understand and control their AI presence. We are hiring a Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering, sales, and customer success. Profound sells to enterprises with serious security expectations, and our GRC function is central to closing deals, sustaining customer trust, and meeting the regulatory bar for the markets we operate in. This is not a "watch the dashboard and file the report" role. You'll shape how we build secure systems, push remediation through with engineering, and make sure compliance accelerates the business rather than slowing it down.
Requirements
- 3 to 7+ years in security GRC, compliance, or adjacent security engineering roles
- Hands-on experience with SOC 2, ISO 27001, or similar frameworks
- Experience supporting audits and leading customer-facing security conversations
- Comfortable working with engineers and reasoning about cloud infrastructure, APIs, identity systems, and data flows
- Able to translate between compliance language and engineering reality in both directions
- Proactive and hands-on: you drive changes, you don't just track them
- Comfortable balancing rigor with pragmatism in a fast-moving environment
- Strong written communication, especially with enterprise customers and cross-functional partners
- Experience building or scaling a GRC program from early stages
- Familiarity with automation in compliance workflows
- Background in security engineering, DevOps, or identity and access management
Nice To Haves
- Experience with modern cloud environments (AWS, GCP, or Azure) is a strong plus
Responsibilities
- Own and operate our compliance frameworks: SOC 2, ISO 27001, GDPR, and others as we grow
- Drive audits end to end: readiness, evidence collection, auditor coordination
- Continuously improve controls and reduce compliance overhead through automation
- Lead responses to enterprise security questionnaires, RFPs, and due diligence requests
- Partner with Sales and Customer Success to unblock deals and build trust with security teams at Fortune 500 customers
- Develop and maintain our trust center, security whitepapers, and customer-facing documentation
- Work directly with engineering to design and implement practical security controls across our cloud infrastructure, data pipelines, and customer-facing surfaces
- Partner on identity and access work (SSO, SAML, SCIM, IdP integrations) where security, compliance, and customer-facing requirements intersect
- Translate compliance requirements into technical, scalable solutions
- Identify gaps and drive remediation, not just report them
- Run risk assessments across systems, vendors, and processes
- Maintain policies and standards that are lightweight, current, and actually useful
- Track and report on our security posture and compliance status to leadership
- Improve how we manage compliance: evidence collection, control mapping, automation
- Evaluate and implement GRC and security tooling where it earns its keep
Benefits
- equity
- full range of benefits and perks
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
