Legora AB - posted 1 day ago
Full-time • Mid Level
Onsite • Stockholm, NY

At Legora, protecting our clients' highly sensitive legal data is fundamental to everything we do. We're building a security and compliance program designed for the AI era: Zero Trust architecture, rigorous governance, and continuous compliance as non-negotiables. We are expanding our security team with a technical GRC Engineer who brings hands-on engineering experience into the world of governance, risk, and compliance. This role is for someone who has worked as a software engineer or has strong technical skills in programming and wants to build smart, automated GRC processes that work seamlessly with engineering teams. You'll be comfortable with frameworks like FedRAMP and can speak the language of our engineers, understand our infrastructure, and act as a proactive enabler embedded within engineering teams to solve and mitigate security and compliance risks. This role can be based either in Stockholm, Sweden or in NYC, US. For both locations, we have a 5-day in-office policy; we believe building together in person drives better outcomes.

  • Own and maintain compliance frameworks including ISO 27001, ISO 42001, SOC 2 Type II, and FedRAMP, ensuring all policies, procedures, and controls are documented, implemented, and continuously improved through automation where possible.
  • Embed with engineering teams to understand our Azure cloud infrastructure, development practices, and CI/CD pipelines — acting as a trusted technical advisor who can identify security and compliance risks early in the development lifecycle.
  • Build and maintain automated GRC tooling and workflows using infrastructure-as-code, scripting (Python, Bash, PowerShell), and GenAI tools to streamline compliance activities and reduce manual overhead.
  • Configure and manage logging tools, SIEM systems, and security monitoring platforms to ensure comprehensive audit trails and compliance evidence collection across the tech stack.
  • Serve as incident manager for security incidents, coordinating cross-functional engineering efforts, managing communication, and ensuring timely resolution while maintaining compliance with incident response procedures.
  • Conduct risk assessments, threat modeling, and gap analyses with a technical lens, working directly with product and infrastructure teams to prioritize and implement remediation efforts.
  • Coordinate internal and external audits, penetration tests, and compliance assessments — leveraging your technical background to efficiently gather evidence, explain technical controls, and manage remediation plans.
  • Develop lightweight, actionable security policies and standards that align with regulatory frameworks (GDPR, ISO 27001, SOC 2, ISO 42001, FedRAMP) while being practical for engineering teams to implement.
  • Support secure AI governance by defining technical controls that protect data in AI workflows, prevent adversarial use, and ensure responsible AI practices aligned with ISO 42001.
  • Manage vendor risk through technical security reviews and due diligence assessments, evaluating third-party integrations and tools from both a compliance and security architecture perspective.
  • Track and report on security metrics, KPIs, and compliance status to leadership, providing technical insights and data-driven recommendations.

  • You have 3+ years of experience as a software engineer, DevOps engineer, or in a technical role, and are transitioning into information security and GRC with a desire to apply your technical expertise to compliance and risk management.
  • You have hands-on experience with cloud platforms (preferably Azure), infrastructure-as-code (Terraform, ARM templates), CI/CD pipelines, and modern development practices.
  • You are comfortable with programming or scripting (Python, Bash, PowerShell, or similar) and can build automation to solve compliance challenges.
  • You understand compliance frameworks such as FedRAMP, ISO 27001, SOC 2 Type II, and can navigate their technical control requirements with confidence.
  • You have experience configuring and integrating logging tools (Azure Monitor, Sentinel, Splunk, ELK) using APIs and connectors to build automated monitoring and alerting workflows.
  • You can serve as an incident manager for security incidents, coordinating engineering teams, managing timelines, and communicating effectively under pressure.
  • You understand Zero Trust principles, OWASP Top 10 risks, and how to apply security best practices across identity, devices, DevOps processes, and cloud services.
  • You have strong analytical and problem-solving skills, with the ability to translate complex technical issues into clear compliance and risk management language for non-technical stakeholders.
  • You have excellent communication skills and can work collaboratively with both technical and non-technical teams, acting as a bridge between engineering and compliance.
  • Experience with securing AI/ML workflows, FedRAMP authorization processes, and building automation with GenAI tools (Zapier, n8n, or similar) is a big plus.