Senior Security Engineer I, GRC

Oscar Health
New York, NY
Hybrid

About The Position

The Principal GRC Engineer designs and operates the systems that enable continuous security assurance, deep risk visibility, and scalable regulatory compliance. Rather than managing documentation or preparing for audits, this role engineers the infrastructure that allows the organization to demonstrate security and compliance continuously through automation, telemetry, and self-evidencing controls.

Operating at the intersection of security engineering, platform engineering, risk management, and regulatory assurance, you will embed governance and control validation directly into how systems are built and operated. By connecting controls, operational telemetry, engineering workflows, and risk signals, you will surface patterns and relationships that traditional GRC programs cannot see, creating a feedback loop where security intelligence continuously informs engineering guardrails and platform architecture.

You will report into the Sr. Manager GRC.

Work Location: This position is based in our New York City office, requiring a hybrid work schedule with 3 days of in-office work per week. Thursdays are a required in-office day for team meetings and events, while your other two office days are flexible to suit your schedule.

Requirements

  • 4+ years of experience in a technology-related field.
  • 4+ years of experience in Security Engineering.
  • 4+ years of experience in Security Engineering, DevSecOps, or Site Reliability Engineering (SRE), with at least 3 years specifically focused on GRC automation or internal security tooling.

Nice To Haves

  • Familiarity with industry standards and compliance frameworks (such as SOC, SOX, NIST, HIPAA) and experience in ensuring organizational adherence to these standards.
  • Certifications such as CISSP, CISM, CISA, CEH, or vendor-specific certifications.
  • Proficiency in managing security projects, including planning, execution, and successful delivery within timelines and budgets.

Responsibilities

  • Design systems that continuously measure and validate security controls through operational telemetry, automated evidence generation, and control health monitoring.
  • Build automation and orchestration across security tools, cloud platforms, and engineering systems to eliminate manual compliance processes and reduce audit overhead.
  • Translate governance expectations into machine-enforceable guardrails embedded within infrastructure platforms, CI/CD pipelines, and engineering workflows.
  • Apply automation, orchestration, and AI-assisted capabilities to scale governance workflows, enabling intelligent analysis and adaptive control systems.
  • Architect control and telemetry pipelines where operational systems produce the evidence required for regulatory assurance and audit readiness.
  • Compliance with all applicable laws and regulations
  • Other duties as assigned

Benefits

  • medical
  • dental
  • vision benefits
  • 11 paid holidays
  • paid sick time
  • paid parental leave
  • 401(k) plan participation
  • life and disability insurance
  • paid wellness time and reimbursements
  • unlimited vacation program
  • company equity grants
  • annual performance bonuses