Senior GRC Engineer

PostmanSan Francisco, CA
Onsite

About The Position

The Security GRC team is responsible for the overall security posture of Postman by ensuring compliance with applicable regulations and contractual obligations and maintaining effective and efficient governance, risk, and compliance programs. In addition, the Security GRC team is directly involved with supporting and enabling Sales and driving security and compliance initiatives to further the growth of Postman. We seek a Senior GRC Engineer who combines deep GRC expertise with strong engineering skills to build and scale automation across governance, risk, and compliance. This is a hands-on technical role focused on designing and operating GRC tooling, integrations, and AI-assisted workflows that reduce manual effort while improving security assurance. The ideal candidate has experience implementing and maturing compliance programs, including SOC 2, ISO 27001, HIPAA, GDPR, CCPA, and FedRAMP, and can translate security and risk requirements into practical engineering solutions. As a senior member of the Security GRC team, you will partner with Security, Engineering, IT, Legal, Sales, and other stakeholders to shape Postman's GRC strategy. You will own key compliance initiatives, drive continuous controls monitoring, build scalable automation, and serve as a trusted technical advisor on risk and compliance.

Requirements

  • 6+ years of cybersecurity GRC experience in high-growth technology environments.
  • Experience implementing and maturing GRC programs with pragmatic, engineered solutions.
  • Knowledge of SOC 2, ISO 27001, HIPAA, GDPR, CCPA, and/or FedRAMP.
  • Proficiency in Python, JavaScript, or similar for production-grade automation.
  • Experience integrating GRC tooling with ticketing, identity, asset management, and cloud platforms.
  • Experience with AI-assisted workflows or LLM-powered tooling.
  • Strong communication skills translating risk into engineering requirements.
  • Bachelor's degree or equivalent experience

Responsibilities

  • Design, build, and operate GRC automation across evidence collection, control testing, risk tracking, and compliance reporting.
  • Build integrations between GRC workflows and internal systems using code, workflow automation, low-code platforms, or AI-assisted tooling.
  • Lead SOC 2, ISO 27001, HIPAA, and FedRAMP initiatives, owning at least one certification end-to-end.
  • Drive continuous controls monitoring and automated evidence collection.
  • Lead technical risk assessments and control implementation with cross-functional stakeholders.
  • Improve audit readiness through automation and process optimization.
  • Mentor teammates and influence GRC strategy.

Benefits

  • full medical coverage
  • flexible PTO
  • wellness reimbursement
  • monthly lunch stipend
  • wellness programs
  • frequent and fascinating team-building events
  • donation-matching program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service