Technical GRC Engineer (Governance, Risk and Compliance)

About The Position

Requirements

• You have 3+ years of experience as a software engineer, DevOps engineer, or in a technical role, and are transitioning into information security and GRC with a desire to apply your technical expertise to compliance and risk management.
• You have hands-on experience with cloud platforms (preferably Azure), infrastructure-as-code (Terraform, ARM templates), CI/CD pipelines, and modern development practices.
• You are comfortable with programming or scripting (Python, Bash, PowerShell, or similar) and can build automation to solve compliance challenges.
• You understand compliance frameworks such as NIST 800-53, ISO 27001, SOC 2 Type II, and can navigate their technical control requirements with confidence.
• You have experience configuring and integrating logging tools (Azure Monitor, Sentinel, Splunk, ELK) using APIs and connectors to build automated monitoring and alerting workflows.
• You can serve as an incident manager for security incidents, coordinating engineering teams, managing timelines, and communicating effectively under pressure.
• You understand Zero Trust principles, OWASP Top 10 risks, and how to apply security best practices across identity, devices, DevOps processes, and cloud services.
• You have strong analytical and problem-solving skills, with the ability to translate complex technical issues into clear compliance and risk management language for non-technical stakeholders.
• You have excellent communication skills and can work collaboratively with both technical and non-technical teams, acting as a bridge between engineering and compliance.

Nice To Haves

• Experience with securing AI/ML workflows and building automation with GenAI tools (Zapier, n8n, or similar) is a big plus.

Responsibilities

• Own and maintain compliance frameworks including ISO 27001, ISO 42001, SOC 2 Type II, ensuring all policies, procedures, and controls are documented, implemented, and continuously improved through automation where possible.
• Embed with engineering teams to understand our Azure cloud infrastructure, development practices, and CI/CD pipelines — acting as a trusted technical advisor who can identify security and compliance risks early in the development lifecycle.
• Build and maintain automated GRC tooling and workflows using infrastructure-as-code, scripting (Python, Bash, PowerShell), and GenAI tools to streamline compliance activities and reduce manual overhead.
• Configure and manage logging tools, SIEM systems, and security monitoring platforms to ensure comprehensive audit trails and compliance evidence collection across the tech stack.
• Serve as incident manager for security incidents, coordinating cross-functional engineering efforts, managing communication, and ensuring timely resolution while maintaining compliance with incident response procedures.
• Conduct risk assessments, threat modeling, and gap analyses with a technical lens, working directly with product and infrastructure teams to prioritize and implement remediation efforts.
• Coordinate internal and external audits, penetration tests, and compliance assessments — leveraging your technical background to efficiently gather evidence, explain technical controls, and manage remediation plans.
• Develop lightweight, actionable security policies and standards that align with regulatory frameworks (GDPR, ISO 27001, SOC 2, ISO 42001, NIST 800-53) while being practical for engineering teams to implement.
• Support secure AI governance by defining technical controls that protect data in AI workflows, prevent adversarial use, and ensure responsible AI practices aligned with ISO 42001.
• Manage vendor risk through technical security reviews and due diligence assessments, evaluating third-party integrations and tools from both a compliance and security architecture perspective.
• Track and report on security metrics, KPIs, and compliance status to leadership, providing technical insights and data-driven recommendations.