Security Engineer (GRC Automation)

TL;DR

Security Engineer (GRC Automation): Designing and implementing automation, dashboards, and integrations for Governance, Risk, and Compliance (GRC) operations with an accent on audit readiness and policy enforcement. Focus on operationalizing the GRC platform (Drata) and building AI-assisted workflows for evidence collection and control monitoring.

Location: Remote (Must be based in the United States or Canada)

Salary: $123,000–$172,000 USD / $111,000–$155,000 CAD

Company

A leading cybersecurity company providing password management and Unified Access Management solutions to ensure a secure and productive digital future.

What you will do

• Implement and integrate the GRC platform (Drata) with key systems and workflows.
• Build and maintain automated workflows for control testing, evidence collection, and audit readiness.
• Design and deploy AI-assisted compliance workflows for vendor questionnaires and control narrative drafting.
• Develop integrations between GRC platforms and systems of record like IAM and asset inventories.
• Create dashboards and reporting to track control health, trust signals, and audit performance.
• Collaborate with Security, GRC, and Engineering teams to embed compliance into operational processes.

Requirements

• 3+ years of experience in security engineering, DevSecOps, or GRC automation.
• Hands-on experience with GRC platforms such as Drata, Vanta, Tines, or JupiterOne.
• Proficiency in scripting and integrations using Python, JavaScript, APIs, and webhooks.
• Familiarity with compliance frameworks including SOC 2, ISO 27001, or NIST 800-53.
• Must be based in the United States or Canada.
• Ability to communicate technical implementations clearly to external auditors and senior stakeholders.

Nice to have

• Experience with event-driven automation platforms like Tines for control validation.
• Familiarity with cloud-native security architecture (AWS IAM, encryption, logging).
• Knowledge of EU AI Act, NIST AI RMF, or emerging AI governance frameworks.
• CISA, Security+, or equivalent certifications.

Culture & Benefits

• Remote-first work environment with requirements for occasional travel to offsites and team events.
• Comprehensive health and wellbeing benefits, including maternity and parental leave top-ups.
• Financial growth opportunities through an RSU program and retirement matching.
• Generous PTO policy and paid volunteer days.
• Culture based on transparency, high performance, and the active adoption of AI tools.