Staff GRC Engineer

Crusoe, San Francisco, CA
$190,000 - $215,000 (posted 3 days ago)

About The Position

We’re seeking a Sr. GRC Engineer to design, build, and operate the automation and tooling that powers our Governance, Risk, and Compliance program. Reporting to the Head of GRC, this is an engineer-first role focused on replacing manual compliance workflows with scalable, code-driven systems. You’ll build automation across evidence collection, control monitoring, and risk reporting, embedding compliance directly into engineering and infrastructure pipelines so it becomes continuous rather than periodic. Deep regulatory expertise isn’t required, but you should understand how compliance requirements translate into automatable controls and repeatable workflows.

Requirements

  • 5+ years in a technical role with strong experience in automation, scripting, and systems integration
  • Strong programming skills in Python, JavaScript, or similar languages with experience shipping automation to production
  • Experience with infrastructure-as-code and automation tools (e.g., Terraform, Ansible, Jenkins)
  • Hands-on API integration experience across cloud platforms, SaaS tools, identity systems, and security tooling
  • Familiarity with GRC platforms and the ability to extend them through code and automation
  • Working knowledge of cloud environments (GCP preferred; AWS/Azure exposure helpful)
  • Practical understanding of compliance and risk frameworks (SOC 2, ISO 27001, NIST, HIPAA, GDPR) and how they translate into controls
  • Experience applying AI tools to automate workflows and scale operational processes
  • Strong communication skills with the ability to bridge engineering and compliance teams

Nice To Haves

  • Certifications such as CISSP, CISA, or CRISC
  • Experience embedding compliance controls directly into CI/CD (DevSecOps practices)
  • Background in security or infrastructure engineering
  • Familiarity with quantitative risk frameworks (FAIR, COSO, ISO 31000)
  • Experience building continuous monitoring or continuous compliance systems

Responsibilities

  • Designing and maintaining automation workflows that replace manual compliance processes (evidence collection, control testing, policy monitoring, audit reporting)
  • Writing production-grade scripts, services, and integrations (Python, JavaScript, YAML, etc.) that connect GRC platforms to internal systems and CI/CD pipelines
  • Implementing and customizing GRC platforms (e.g., Vanta, AuditBoard, Drata) through APIs, configuration, and custom automation
  • Building dashboards and reporting systems that provide real-time visibility into control health and risk posture
  • Embedding compliance checks into engineering workflows so evidence collection and monitoring happen continuously
  • Applying AI and LLM-based tools to streamline GRC workflows such as evidence review, control mapping, and risk analysis
  • Partnering with Security, IT, and Engineering teams to ensure GRC tooling integrates cleanly into existing environments
  • Supporting audits through automated data collection and evidence generation
  • Providing technical guidance and training to teams on GRC automation best practices

Benefits

  • Competitive compensation
  • Restricted Stock Units
  • Paid time off & paid holidays
  • Comprehensive health, dental & vision insurance
  • Employer contributions to HSA account
  • Paid parental leave
  • Paid life insurance, short-term and long-term disability
  • Professional development & tuition reimbursement
  • Mental health & wellness support
  • Commuter benefits (parking & transit)
  • Cell phone stipend
  • 401(k) Retirement plan with company match up to 4% of salary
  • Volunteer time off