Staff GRC Engineer (Remote)

ezCater, Boston, MA
Remote

About The Position

ezCater is seeking a Staff GRC Engineer to join the Security Engineering & Compliance team. This senior individual contributor role will focus on maturing the company's governance, risk, compliance, and data security capabilities. The ideal candidate will be a builder-operator who can enhance security controls through expanded monitoring, strengthened data security governance, automation, and improved operational follow-through, making the program scalable, sustainable, and effective. This is not a policy-only or audit coordinator role.

Requirements

  • 8+ years of experience in security GRC, compliance, risk, or security program work in a SaaS or cloud-native environment, with significant ownership of control design, testing, and program improvement.
  • Strong experience with security compliance frameworks such as ISO 27001, NIST CSF, SOC 2, ITGC, and PCI DSS, including translating framework requirements into practical, testable controls.
  • Demonstrated ability to automate or instrument compliance/assurance programs through scripting, APIs, dashboards, platform configuration, or other technical approaches.
  • Experience implementing engineering-system guardrails for compliance using Policy-as-Code or Infrastructure-as-Code (e.g., Terraform) or secure baseline configurations of cloud and platform systems (AWS, GitHub, etc.).
  • Experience building or improving data security governance, classification, handling rules, or related control practices across business systems, data platforms, or collaboration environments.
  • Familiarity with governing and securing AI and agentic systems, and the business processes that depend on them.
  • Strong written communication and cross-functional influence skills, with the ability to explain controls, trade-offs, and program expectations to technical and non-technical audiences.
  • Ability to collaborate closely with engineers and technical teams to design controls as code, configuration, workflow, or monitoring.
  • Strong systems thinker capable of breaking down ambiguous governance problems into workable operating models, measurable outcomes, and implementation steps.
  • Comfort balancing strategic design work with operational execution.
  • Ability to improve process quality, identify gaps between teams, and drive implementation of better ways of working.
  • Comfort leveraging AI tooling and automated workflows to increase scale and velocity.

Nice To Haves

  • Experience scaling a unified control framework across multiple governance and compliance frameworks.
  • Experience with continuous control monitoring, policy-as-code, or GRC platforms and evidence tooling.
  • Familiarity with AI governance or emerging technology risk, especially translating governance needs into practical technical guardrails.

Responsibilities

  • Lead control program maturity by designing and maintaining an auditable control framework suitable for a SaaS, cloud, data, and engineering environment.
  • Shape and define ezCater’s AI Governance strategy in collaboration with Legal, Data, Engineering, and IT stakeholders.
  • Define the implementation, testing, evidence collection, and improvement processes for key controls, emphasizing reliability and automated evidence paths.
  • Partner with internal and external audit stakeholders on control design, walkthroughs, exceptions, remediation, and readiness for SOX and related frameworks.
  • Rationalize overlapping control requirements across SOC 2, PCI, SOX, and internal policies into a coherent operating model.
  • Build continuous control monitoring and automation by identifying opportunities to transition from periodic checks to near-real-time monitoring, especially for critical controls.
  • Partner with Security Engineering, IT, Data, and platform teams to automate control testing, evidence collection, validation, and compliance workflows.
  • Define necessary logs, metadata, dashboards, and signals for assessing control health and improving compliance observability.
  • Shift the program from detective-only controls towards stronger preventive and engineering-embedded control patterns.
  • Expand data security policy and program quality by defining and maturing data security policies, standards, and handling requirements.
  • Partner with Data, Engineering, and business stakeholders to integrate data governance into access patterns, role design, labeling, masking, retention, and evidence paths.
  • Establish operating cadences, ownership models, decision paths, metrics, and continuous improvement loops for a high-quality GRC program.
  • Drive clearer documentation, standards, and guidance for technical teams and auditors.
  • Support day-to-day GRC and assurance work, including control failures, remediation coordination, and audit operations.
  • Improve the team's ability to handle security questionnaires, trust requests, and vendor and partner reviews through better structure and automation.
  • Act as a practical partner to teams implementing or remediating controls.
  • Own a domain with autonomy, lead cross-team efforts, and improve systems, controls, and processes.
  • Drive alignment across stakeholders with differing incentives, making pragmatic decisions that balance risk, cost, and operational reality.
  • Mentor others, improve documentation and knowledge sharing, and raise the maturity of the Security Engineering & Compliance team.

Benefits

  • Market competitive salary
  • Stock options
  • 12 paid holidays
  • Flexible PTO
  • 401(k) with ezCater match
  • Health/dental/FSA
  • Long-term disability insurance
  • Mental health and family planning resources
  • Remote-hybrid work option
  • Responsibility and autonomy
  • Employee meal program (when in office)
  • Knowledge that you helped transform the food-for-work space