Security Engineer (Cybersecurity)

TL;DR

Security Engineer (GRC/Cybersecurity): Develop, maintain, and improve GRC policies, standards, procedures, and control frameworks for a high-scale AI-powered SaaS platform with an accent on SOC 2 Type II, ISO 27001, PCI DSS compliance initiatives. Focus on leading evidence collection, control validation, vendor risk assessments, and translating technical risks into business-impact language for senior leadership.

Location: Remote (global, remote-first, team across 15+ countries)

Company

AI-powered all-in-one white-label sales & marketing platform serving over 1 million businesses globally, processing billions of API hits and messages daily.

What you will do

• Develop, maintain, and improve GRC policies, standards, procedures, and control frameworks.
• Lead SOC 2 Type II, ISO 27001, PCI DSS, and other compliance initiatives including evidence collection, control validation, and remediation.
• Partner with Security and Platform teams to ensure controls are technically implemented.
• Assess vendor risk posture with Procurement, Legal, and Application Security teams.
• Design scalable workflows for risk assessments, vendor reviews, evidence management, control testing, and reporting.
• Deliver GRC and security awareness training and prepare reports for senior leadership.
• Perform business impact analysis and facilitate BCDR tabletop tests.

Requirements

• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field.
• 4.5+ years in GRC, risk management, or compliance with exposure to technical security controls.
• Strong understanding of security frameworks (SOC 2, ISO 27001, NIST).
• Hands-on experience with technical risk assessments, exception management, third-party security reviews.
• Ability to interpret technical security data (architecture diagrams, cloud controls, access models).
• Strong analytical, documentation, and stakeholder communication skills.

Nice to have

• Master’s degree in relevant field.
• Certifications: CISA, CRISC, CGEIT, CISSP or equivalent.
• Experience in cloud-native or SaaS environments.
• Familiarity with TPRM tooling, GRC automation, risk engineering workflows.
• Knowledge of data protection regulations (GDPR, CCPA).

Culture & Benefits

• Global, remote-first environment with 1,500+ team members across 15+ countries.
• Culture rooted in creativity, collaboration, impact, innovation, and people-first approach.
• Building a global community where ideas are celebrated no matter where you call home.