Senior GRC Engineer

About The Position

Requirements

• 8+ years of experience in cybersecurity, GRC, IT audit, or risk management roles.
• Hands-on expertise in controls testing, vendor security reviews, and risk assessments.
• Knowledge of NIST CSF, SOC2, PCI DSS, and related audit processes.
• Proficiency in GRC tools (Drata, OneTrust, or similar).
• Familiarity with AWS cloud platforms and security best practices.
• Strong communication, documentation, and stakeholder engagement skills.

Responsibilities

• Lead and support cybersecurity controls testing across frameworks (NIST CSF, SOC2, PCI DSS).
• Manage control evidence gathering, documentation, and remediation tracking.
• Maintain and update the cybersecurity risk register; conduct risk assessments on new vendors, technologies, and processes.
• Drive vendor security reviews, assigning risk ratings, validating documentation, and partnering with legal and procurement teams.
• Configure and optimize GRC tooling (Drata, OneTrust) for controls, assessments, and risk workflows.
• Collaborate with DevOps and infrastructure teams to validate cloud security controls in AWS (IAM, networking, logging).
• Create security awareness training, resources, and communications for cross-functional teams.

Benefits

• Medical, Dental, Vision, Life Insurance, Short and Long Term Disability Insurance options.
• Employee Assistance Program.
• Elective voluntary benefits such as accident insurance, hospital indemnity, critical illness, legal assistance and pet insurance.
• Competitive salary and company equity through Restricted Stock Units (RSUs).
• 401K with company match of up to 4% of eligible earnings.
• Flexible PTO for exempt employees (employees typically take 15-20 days annually), along with 8 company-observed holidays.
• Paid parental leave program that provides 100% salary continuation of up to 14 weeks for birthing parents and 8 weeks for non-birthing parents.
• Continuing education and professional development opportunities.