GRC Engineer

About the Role

We're seeking a GRC Engineer to join our security team and strengthen our governance, risk, and compliance programs. You'll work alongside technical security engineers to build and implement practical frameworks that protect customer data while enabling business operations across our marketing technology platform.

What You'll Do

• Own compliance programs including ISO 27001 and SOC 2, coordinating audits, managing evidence collection, and maintaining certifications
• Implement and manage a GRC automation platform (Drata, Vanta, or similar) to streamline compliance workflows and continuous monitoring
• Develop and refine security policies and procedures that meet regulatory requirements while remaining practical for engineering teams
• Assess risks across production, non-production, and QA environments, prioritizing security initiatives based on business impact and compliance obligations
• Bridge technical and business stakeholders by translating security requirements into language appropriate for different audiences
• Manage vendor security assessments and third-party risk reviews in partnership with procurement and legal teams
• Develop metrics and reporting that give leadership visibility into compliance status and risk landscape

• Strong hands-on experience with AWS environments and cloud security controls (EC2, IAM, CloudTrail, Config, Security Hub, etc.)
• Scripting skills in Python, Bash, or similar languages to automate compliance tasks and evidence collection
• Proven experience implementing and managing GRC automation tools such as Drata, Vanta, or similar platforms
• Understanding of compliance frameworks like ISO 27001, SOC 2, GDPR, and CCPA (formal audit experience not required)
• Comfort reading technical documentation and collaborating with engineering teams
• Strong project management skills with ability to manage multiple compliance initiatives simultaneously
• Clear communication skills for both technical and non-technical audiences
• Technical background preferred over traditional audit experience
• Certifications like AWS Security Specialty, CRISC, CISA, or CISSP a plus

Why Join Us

• You'll work with a supportive security team that values both technical expertise and GRC discipline, with leadership backing for necessary security investments and the opportunity to shape our compliance strategy as we grow.
• Reports to: Director, GRC