Base Salary
$130k - $150k/yr
Responsibilities
- Design and implement policy-as-code and compliance-as-code frameworks.
- Automate control testing and evidence collection using cloud and CI/CD telemetry.
- Integrate GRC processes with engineering tools and workflows.
- Develop reusable tooling and internal platforms for scalable, self-service compliance.
- Build and deploy production-grade automation leveraging LLMs and AI tooling.
- Own the design, development, and maintenance of core GRC automation systems.
- Develop KPIs and KRIs using engineering and cloud data.
- Support risk quantification efforts using frameworks such as FAIR.
- Maintain and improve the security risk register.
- Build automated risk scoring and prioritization models.
- Lead and support audits including SOC 2, ISO 27001, and FedRAMP.
- Build automated audit readiness and continuous compliance processes.
- Collaborate with Product and Engineering teams on security and privacy requirements.
- Automate vendor assessments using AI-assisted questionnaire analysis.
Requirements
- 5+ years in GRC, security engineering, or related roles.
- Experience working in cloud-native environments, particularly AWS.
- Experience supporting audits such as SOC 2 or ISO 27001.
- Relevant certifications such as CISA, CRISC, or AWS Security Specialty are a plus.
- Experience integrating security and compliance into CI/CD pipelines.
- Ability to work with APIs, automation tools, or scripting languages.
- Strong understanding of frameworks such as SOC 2 Type II and NIST 800-53.
- Ability to translate regulatory requirements into technical controls.
Benefits
- Flexible PTO with 11 company holidays.
- Fully paid health benefits including Medical, Dental, and Vision.
- 12 weeks of 100% paid parental leave.
- $50,000 lifetime maximum benefit for fertility and family-related expenses.
- Mental health benefits through Spring Health.
- $150 per month WFH stipend.
- $300 annual productivity stipend.
- One-time $750 home office stipend.
