Senior GRC Engineer

Docker

3d•Remote

About The Position

At Docker, we make app development easier so developers can focus on what matters. Our remote-first team spans the globe, united by a passion for innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is the #1 tool for building, sharing, and running apps—trusted by startups and Fortune 100s alike. We’re growing fast and just getting started. Come join us for a whale of a ride! As an experienced Senior GRC Engineer, you’ll be a trusted advisor, collaborating closely with engineering and product teams to ensure security and compliance is a cornerstone of every product. You’ll partner with leadership to shape product strategy, advocate for strong security controls and influence future product iterations. By leveraging your deep industry knowledge, and expertise in programming and automation, you’ll drive the development and implementation of Governance, Risk and Compliance frameworks. You will develop and optimize automated solutions to streamline compliance processes, improve risk management workflows, and integrate GRC tools supporting Docker’s systems. This is a unique opportunity to make a foundational impact on the security of an innovative, fast-growing company by building scalable, proactive solutions that protect both our platform and the customers who trust us.

Requirements

Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance
Proven experience in GRC engineering with a strong focus on automation and programming
Proficiency in programming languages such as Python, and Golang
Will have familiarity setting up APIs and Webhooks, at least one scripting language, and at least one public cloud architecture and control tool
Hands-on experience with cloud environments, (e.g., AWS, Azure, Google Cloud) and their compliance automation tools
Experience with DevSecOps practices and integrating security compliance into CI/CD pipelines
In-depth knowledge of security framework controls as they apply to public cloud (AWS, GCP), and SaaS environments
Have knowledge of information security risk management and information security technologies (e.g: SIEM, vulnerability management, data loss prevention and /or endpoint protection)
Strong project management skills with the ability to lead and execute security assessment projects, vendor evaluations and initiatives on time with multiple stakeholders
Solid understanding of regulatory and compliance standards (e.g., GDPR, ISO 27xxx, SOC 2)
Ability to communicate complex technical and compliance information effectively to both technical and non-technical audiences
Serve as the subject matter expert and advisor on complex security risks issues.
Ability to participate in our incident response team on-call rotation
Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges

Nice To Haves

Relevant industry certifications such as CISSP, CISA, CRISC

Responsibilities

Design, develop, and maintain automation automation workflows to streamline GRC processes such as compliance monitoring, controls, reporting and risk assessments
Implement and customize GRC platforms using programming languages and APIs
Develop scripts and tools to automate repetitive GRC tasks, such as audit evidence collection and control testing
Build and maintain dashboards for real-time risk and compliance monitoring using data visualization tools
Monitor, assess, and mitigate risks by leveraging automated systems and data-driven insights.
Support internal and external audits by providing automated solutions for data collection and evidence generation.
Cross collaborate between multiple security disciplines, supporting security engineering initiatives
Establish partnerships with internal/external auditors, regulators, business stakeholders develop security requirements and controls.
Perform critical data security reviews over newly released products and features.
Oversee and maintain the Risk Register and Risk Management program to document, measure, and report assessments, risks, controls findings, and remediation activity
Develop and maintain security metrics, using automated and manual processes to produce relevant KPIs about the governance program
Draft and maintain corporate Information Security policies and departmental procedures and maps them to relevant control standards
Builds and maintains company awareness and education progress around compliance
Stay current with regulatory and industry standards (e.g., ISO 27xxx, SOC 2, GDPR, NIST) and ensure compliance requirements are met
Manage Dockers vendor due diligence process ensuring compliance and security controls are met.

Benefits

Freedom & flexibility; fit your work around your life
Designated quarterly Whaleness Days plus end of year Whaleness break
Home office setup; we want you comfortable while you work
16 weeks of paid Parental leave
Technology stipend equivalent to $100 net/month
PTO plan that encourages you to take time to do the things you enjoy
Training stipend for conferences, courses and classes
Equity; we are a growing start-up and want all employees to have a share in the success of the company
Docker Swag
Medical benefits, retirement and holidays vary by country
Remote-first culture, with offices in Seattle and Paris