Staff Engineer, GRC

About The Position

Requirements

• 5+ years of combined experience in GRC, security engineering, or compliance automation, with demonstrated ability to build automated workflows and integrations.
• Experienced cloud security engineer that has moved into governance, believing that in automated GRC best practices
• Hands-on experience automating GRC workflows using Claude Code or similar AI-assisted development tools (e.g., Cursor, GitHub Copilot). Must be able to demonstrate practical AI-assisted automation work.
• Hands-on experience with GRC platforms, preferably Vanta. Ability to configure, customize, and extend platform capabilities.
• Proficiency in Python scripting and REST API integration for evidence collection, data transformation, and workflow automation.
• Strong business intelligence and data visualization skills — experience building dashboards and metrics reporting (Looker, Tableau, Power BI, or similar) for security or risk programs.
• Strong understanding of control frameworks (SOC 2, HITRUST, HIPAA, NIST CSF) and how to operationalize them through tooling.
• Working knowledge of AI/ML risk frameworks (NIST AI RMF, ISO 42001) and practical experience with AI governance processes.
• Experience with cloud platforms (AWS or GCP) including security configuration review and evidence collection
• Self-directed and comfortable operating with high autonomy in a lean, fast-paced environment.

Nice To Haves

• Experience supporting AI governance councils or responsible AI programs.
• Familiarity with data governance frameworks (CDMC, DAMA DMBOK) and data quality/availability standards.
• CISSP, CISA, CCSK, or equivalent certifications.
• Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD pipeline security.
• Background in healthcare, fintech, or other regulated industries.
• Experience building executive-level security metrics programs or security scorecards.

Responsibilities

• Design, build, and maintain automated evidence collection and continuous control testing workflows in Vanta and supporting tools.
• Develop and operate GRC automation pipelines using Claude Code and similar AI-assisted development tools — writing scripts, building integrations, and eliminating manual compliance processes at speed.
• Build and maintain business intelligence dashboards and metrics reporting for the Security GRC team and broader security organization — including security posture, issue tracking, exception management, risk trends, and program delivery metrics.
• Develop integrations between GRC platforms, cloud environments (AWS, GCP), identity providers, and business systems to automate compliance data flows.
• Operationalize the AI Governance Council's review process — build intake workflows, risk assessment tooling, and tracking for AI use case governance.
• Develop and maintain AI risk assessment frameworks and guardrails aligned to NIST AI RMF, ISO 42001, and emerging regulatory requirements.
• Support SOC 2 Type II, HITRUST, HIPAA SRA/PRA, and other audit and assurance activities, through automated evidence preparation and control documentation.
• Write scripts and build tooling (Python, APIs, workflow platforms, AI-assisted coding tools) to reduce cycle time and focus on scaling
• Maintain and improve the control framework — map controls to obligations, identify gaps, and automate testing where possible.
• Partner with SecOps, IT, Privacy, and Engineering teams to integrate GRC requirements into their toolchains and workflows.
• Support enterprise risk management activities including risk register maintenance, KRI automation, and risk reporting.
• Define and track key metrics across the security organization — translating raw data into executive-ready insights that drive decisions and demonstrate program maturity.
• Other duties as assigned.

Benefits

• Medical, Dental, and Vision plans
• Flexible Spending/Health Savings Accounts
• Flexible PTO
• 401(k) + Company Match
• Life Insurance, Pet insurance, and more