Senior Risk and Compliance Automation Engineer

About The Position

Requirements

• BS Degree in Computer Science or Engineering, or a related field (or equivalent practical experience).
• 8+ years in compliance automation, backend engineering, SRE, GRC engineering, or similar technical fields.
• Strong experience in Python, SQL, and SaaS/cloud API integrations (Snowflake, Databricks, AWS, Okta, Jira, GitHub).
• Demonstrated ability to automate GRC processes (evidence pipelines, control checks, dashboards, or similar).
• Experience building data pipelines or structured reporting for risk, security, or compliance programs.
• AI‑native working style; daily use of Cursor, Claude Code, MCP workflows, or equivalent.
• Experience building recurring automations that are reliable but not necessarily production‑grade (scripts, agents, services).
• Understanding of security and compliance frameworks (SOC2, PCI, ISO27001, NIST CSF, privacy).

Nice To Haves

• Experience with GRC automation platforms (e.g., Tines, ZenGRC, Hyperproof, Drata, or equivalent).
• Familiarity with risk metrics, scenario modeling inputs, or control‑maturity frameworks (not required to perform quantification).
• Experience automating controls across multi‑subsidiary or multi‑product environments.
• Comfort with policy‑as‑code concepts or infrastructure scanning patterns.
• Familiarity with real‑time control monitoring and drift detection.
• Experience building dashboards for security/compliance programs.

Responsibilities

• Design and build automation for GRC processes, including evidence collection, control validations, real‑time control effectiveness checks, and broader GRC workflows (e.g., risk register, Third Party Risk assessments, enterprise systems controls definition).
• Use AI‑native tools (Cursor, Claude Code, MCP integrations) to rapidly build recurring scripts, agents, and automations, prioritizing speed and scalability.
• Build integrations across Snowflake, Databricks, Jira, GitHub, Okta, cloud APIs, and internal systems to unify and automate control evidence.
• Design data pipelines that aggregate and normalize risk‑relevant data across Snowflake, Databricks, Jira, GitHub, Okta, and security tooling to support KRIs, control‑maturity insights, and risk dashboards.
• Build dashboards and operational views that present risk trends, scenario inputs, and control‑maturity indicators alongside audit‑readiness status.
• Mentor and upskill GRC teammates on automation patterns, enabling them to run and maintain systems.
• Serve as the SME for automated workflows when issues arise, partnering with GRC team members to validate expected behavior and troubleshoot gaps.
• Develop vendor‑agnostic automation solutions, using orchestration tools where helpful but writing custom code when needed.
• Contribute to scalable onboarding of new subsidiaries by templating automation patterns that apply across diverse business units.