Staff GRC Engineer (Remote)

ezCater, Inc. | Boston, MA
$165,000 - $210,000 | Remote

About The Position

ezCater is seeking a Staff GRC Engineer to join the Security Engineering & Compliance team. This senior individual contributor role focuses on maturing governance, risk, compliance, and data security capabilities. The ideal candidate is a builder-operator who can enhance security controls through expanded monitoring, strengthened data security governance, automation, and improved operational follow-through, making the program scalable, sustainable, and effective.

Requirements

  • 8+ years of experience in security GRC, compliance, risk, or security program work in a SaaS or cloud-native environment, with significant ownership of control design, testing, and program improvement.
  • Strong experience with security compliance frameworks such as ISO-27001, NIST CSF, SOC 2, ITGC, and PCI-DSS, including translating framework requirements into practical controls.
  • Demonstrated ability to automate or instrument compliance or assurance programs through scripting, APIs, dashboards, or platform configuration.
  • Experience implementing engineering system guardrails for compliance using Policy-as-Code (Terraform) or secure configurations of cloud platform systems (AWS, GitHub, etc.).
  • Experience building or improving data security governance, classification, handling rules, or related control practices.
  • Familiarity with governing and securing AI/Agentic systems and business processing.
  • Strong written communication and cross-functional influence skills, with the ability to explain controls and trade-offs to technical and non-technical audiences.
  • Ability to collaborate closely with engineers and technical teams to design controls as code, configuration, workflow, or monitoring.
  • Strong systems thinker capable of breaking down ambiguous governance problems into workable operating models, measurable outcomes, and implementation steps.
  • Comfortable balancing strategic design work with operational execution.
  • Proven ability to improve process quality, identify gaps between teams, and drive implementation of better ways of working.
  • Comfortable leveraging AI tooling and automated workflows.

Nice To Haves

  • Experience scaling a unified control framework across multiple governance and compliance frameworks.
  • Experience with continuous control monitoring, policy-as-code, or GRC platforms and evidence tooling.
  • Familiarity with AI governance or emerging technology risk, especially translating governance needs into practical technical guardrails.

Responsibilities

  • Lead control program maturity by designing and maintaining an auditable control framework tailored to ezCater’s SaaS, cloud, data, and engineering environment.
  • Shape and define ezCater’s AI Governance strategy in collaboration with Legal, Data, Engineering, and IT stakeholders.
  • Define the implementation, testing, evidence collection, and improvement processes for key controls, prioritizing reliability and automated evidence paths.
  • Partner with internal and external audit stakeholders on control design, walkthroughs, exceptions, remediation, and readiness for SOX and related frameworks.
  • Rationalize overlapping control requirements across SOC 2, PCI, SOX, and internal policies into a coherent operating model.
  • Build continuous control monitoring and automation by identifying opportunities to transition from periodic checks to near-real-time monitoring.
  • Automate control testing, evidence collection, validation, and compliance workflows in partnership with Security Engineering, IT, Data, and platform teams.
  • Define necessary logs, metadata, dashboards, and signals for assessing control health and improving compliance observability.
  • Shift the program towards preventive and engineering-embedded control patterns.
  • Expand data security policy and program quality by defining and maturing clear, enforceable data security policies, standards, and handling requirements.
  • Ensure data governance is integrated into access patterns, role design, labeling, masking, retention, and evidence paths.
  • Establish operating cadences, ownership models, decision paths, metrics, and continuous improvement loops for a high-quality GRC program.
  • Drive clearer documentation, standards, and guidance for technical teams and auditors.
  • Drive operational quality improvements by supporting day-to-day GRC and assurance work, including control failures, remediation coordination, and audit operations.
  • Improve the team’s ability to handle questionnaires, trust requests, vendor reviews, and other recurring work through better structure and automated workflows.
  • Act as a practical partner to teams implementing or remediating controls.
  • Lead through influence and systems thinking, owning domains with autonomy and driving cross-team efforts.
  • Drive alignment across stakeholders with differing incentives, making pragmatic decisions that balance risk, cost, and operational reality.
  • Mentor others, improve documentation and knowledge sharing, and raise the maturity of the Security Engineering & Compliance team and its partners.
  • Leverage AI tooling and automated workflows to increase scale and velocity.

Benefits

  • Market competitive salary
  • Stock options
  • 12 paid holidays
  • Flexible PTO
  • 401K with ezCater match
  • Health/dental/FSA
  • Long-term disability insurance
  • Mental health and family planning resources
  • Remote-hybrid work options
  • Responsibility and autonomy
  • Employee meal program
  • Knowledge that you helped transform the food for work space