GRC Engineer

Scytale is a global leader, an AI-powered company transforming how organizations achieve and maintain trust and compliance. Our platform automates frameworks SOC 2, ISO 27001, SOX ITGC, GDPR, PCI DSS, and 60+ more frameworks, making compliance smarter, faster, and continuously audit-ready.

Built for startups, scale-ups, and enterprises, Scytale combines intelligent automation, real-time monitoring, and AI-driven insights to reduce manual work and eliminate compliance blind spots. Recognized as a G2 Leader in GRC and an AWS Rising Star Partner of the Year, Scytale is trusted by hundreds of companies worldwide and known for its technology and partnership-driven approach.

We're hiring a GRC Engineer to help that team scale.

About the Role

This is not a checkbox-compliance role, and it's not a pure software role either. It sits deliberately in the middle.

As our GRC Engineer, you'll treat governance, risk and compliance as an engineering problem: something you design, build, test and operate with real rigour. Your mission is to make our GRC delivery faster, more consistent and more scalable — building the automation, tooling, integrations and data workflows that let a single consultant deliver more value to more customers without burning out or cutting corners.

You'll work at the intersection of our GRC consultants, our product, and the data sources that drive compliance evidence (cloud platforms, ticketing, HR systems, CRM and our own platform). Where the team does something manual and repetitive today, your job is to ask: can this be engineered away, monitored continuously, or generated as a byproduct of work we already do?

What You'll Bring

• Solid working knowledge of at least one major compliance framework (SOC 2, ISO 27001 or similar) - you understand controls and evidence, not just the vocabulary.
• Hands-on technical ability: scripting/automation (e.g. Python), comfort with APIs and structured data, and a builder's instinct for solving repetitive problems with tooling.
• Familiarity with cloud environments and how compliance-relevant data lives across them.
• Systems thinking: you see processes, dependencies and failure points, not just isolated tasks.
• A pragmatic, outcomes-first approach - you'd rather automate one real bottleneck well than build a flashy thing nobody uses.
• Strong communication skills and the ability to work across technical and non-technical stakeholders.

Nice to Have

• Experience in a compliance, audit, security or GRC delivery environment.
• Exposure to infrastructure-as-code, CI/CD, or continuous monitoring concepts.
• Experience integrating or automating against platforms like HubSpot, Slack, Google Workspace, or cloud provider APIs.
• A relevant certification (e.g. ISO 27001 Lead Implementer/Auditor, CISA, cloud security certs) — useful, not required.

What Success Looks Like

In your first 6–12 months, you'll have removed meaningful manual effort from at least a few core delivery workflows, made compliance and delivery data more visible and trustworthy, and helped the GRC team move from reactive, manual processes toward engineered, repeatable ones.

What You'll Do

• Design and build automations and internal tooling that remove manual steps from our GRC delivery workflows (reporting, evidence handling, capacity tracking, customer health signals).
• Integrate data across systems via APIs so compliance status, control behaviour and delivery metrics are visible in real time instead of assembled by hand.
• Apply a "compliance-as-code" and continuous-assurance mindset: turn periodic, manual checks into monitored, repeatable, version-controlled processes.
• Partner with GRC consultants and managers to identify bottlenecks, then ship pragmatic solutions that fit how the team actually works.
• Build reusable playbooks, templates and scripts that raise consistency and quality across the delivery org.
• Help embed engineering and systems-thinking practices across the GRC team — levelling up colleagues, not just shipping tools in isolation.
• Use modern AI tooling thoughtfully to accelerate compliance and delivery work where it genuinely adds value.

Why Join Scytale?

Innovative Work

Be part of a company shaping the future of security and compliance.

Learning & Growth

Access training, mentorship, and real responsibility early in your career.

Collaborative Culture

Work with smart, supportive colleagues across teams and regions.

Work-Life Balance

Hybrid working model and a culture that supports personal wellbeing.

Ready to innovate and grow with us? Join Scytale and help transform cybersecurity compliance for companies worldwide!