Staff GRC Engineer (Remote)

About The Position

Requirements

• 8+ years of experience in security GRC, compliance, risk, or security program work in a SaaS or cloud-native environment, with significant ownership of control design, testing, and program improvement.
• Strong experience with security compliance frameworks such as ISO-27001, NIST CSF, SOC 2, ITGC, and PCI-DSS, including translating framework requirements into practical controls.
• Demonstrated ability to automate or instrument compliance or assurance programs through scripting, APIs, dashboards, or platform configuration.
• Experience implementing engineering system guardrails for compliance using Policy-as-Code (Terraform) or secure configurations of cloud platform systems (AWS, GitHub, etc.).
• Experience building or improving data security governance, classification, handling rules, or related control practices.
• Familiarity with governing and securing AI/Agentic systems and business processing.
• Strong written communication and cross-functional influence skills, with the ability to explain controls and trade-offs to technical and non-technical audiences.
• Ability to collaborate closely with engineers and technical teams to design controls as code, configuration, workflow, or monitoring.
• Strong systems thinker capable of breaking down ambiguous governance problems into workable operating models, measurable outcomes, and implementation steps.
• Comfortable balancing strategic design work with operational execution.
• Proven ability to improve process quality, identify gaps between teams, and drive implementation of better ways of working.
• Comfortable leveraging AI tooling and automated workflows.

Nice To Haves

• Experience scaling a unified control framework across multiple governance and compliance frameworks.
• Experience with continuous control monitoring, policy-as-code, or GRC platforms and evidence tooling.
• Familiarity with AI governance or emerging technology risk, especially translating governance needs into practical technical guardrails.

Responsibilities

• Lead control program maturity by designing and maintaining an auditable control framework tailored to ezCater’s SaaS, cloud, data, and engineering environment.
• Shape and define ezCater’s AI Governance strategy in collaboration with Legal, Data, Engineering, and IT stakeholders.
• Define the implementation, testing, evidence collection, and improvement processes for key controls, prioritizing reliability and automated evidence paths.
• Partner with internal and external audit stakeholders on control design, walkthroughs, exceptions, remediation, and readiness for SOX and related frameworks.
• Rationalize overlapping control requirements across SOC 2, PCI, SOX, and internal policies into a coherent operating model.
• Build continuous control monitoring and automation by identifying opportunities to transition from periodic checks to near-real-time monitoring.
• Automate control testing, evidence collection, validation, and compliance workflows in partnership with Security Engineering, IT, Data, and platform teams.
• Define necessary logs, metadata, dashboards, and signals for assessing control health and improving compliance observability.
• Shift the program towards preventive and engineering-embedded control patterns.
• Expand data security policy and program quality by defining and maturing clear, enforceable data security policies, standards, and handling requirements.
• Ensure data governance is integrated into access patterns, role design, labeling, masking, retention, and evidence paths.
• Establish operating cadences, ownership models, decision paths, metrics, and continuous improvement loops for a high-quality GRC program.
• Drive clearer documentation, standards, and guidance for technical teams and auditors.
• Drive operational quality improvements by supporting day-to-day GRC and assurance work, including control failures, remediation coordination, and audit operations.
• Improve the team’s ability to handle questionnaires, trust requests, vendor reviews, and other recurring work through better structure and automated workflows.
• Act as a practical partner to teams implementing or remediating controls.
• Lead through influence and systems thinking, owning domains with autonomy and driving cross-team efforts.
• Drive alignment across stakeholders with differing incentives, making pragmatic decisions that balance risk, cost, and operational reality.
• Mentor others, improve documentation and knowledge sharing, and raise the maturity of the Security Engineering & Compliance team and its partners.
• Leverage AI tooling and automated workflows to increase scale and velocity.

Benefits

• Market competitive salary
• Stock options
• 12 paid holidays
• Flexible PTO
• 401K with ezCater match
• Health/dental/FSA
• Long-term disability insurance
• Mental health and family planning resources
• Remote-hybrid work options
• Responsibility and autonomy
• Employee meal program
• Knowledge that you helped transform the food for work space