Senior Security Engineer (GRC)

TL;DR

Senior Security Engineer (GRC): Managing the customer-facing compliance program and enterprise sales cycle with an accent on security questionnaires, due diligence, and framework automation. Focus on automating compliance validation for SOC2, ISO 27001, and HIPAA, and performing third-party risk assessments.

Location: Remote (United States and Canada)

Salary: $180,000 - $225,000

Company

hirify.global is an open source programming model that simplifies code and makes applications more reliable for developers.

What you will do

• Own the end-to-end lifecycle of inbound security questionnaires, RFPs, and due diligence requests, including SIG and CAIQ formats.
• Serve as the primary security and compliance representative for enterprise customers, leading calls with security and procurement teams.
• Build and maintain an evergreen response library to ensure consistency and reduce duplication in customer engagements.
• Automate compliance validation for SOC2 Type II, ISO 27001, and HIPAA, coordinating evidence collection and managing external auditors.
• Design and automate third-party risk assessment processes and maintain a corporate risk register with remediation recommendations.
• Author and operationalize security policies and procedures, tracking employee acknowledgments and managing exceptions.

Requirements

• 8+ years of experience in GRC or information security compliance.
• Hands-on experience with at least two major frameworks: SOC2, ISO 27001, HIPAA, PCI-DSS, or FedRAMP.
• Must be based in the United States or Canada.
• Proficiency in scripting and automation using Python, Bash, or similar tools.
• Proven track record of managing high volumes of enterprise security questionnaires.
• Bachelor's degree in Information Security, Computer Science, Business, or a related field.

Nice to have

• Security certifications: CISSP, CISM, CRISC, CISA, or CCSP.
• Experience with GRC platforms such as Vanta, Drata, or Sprinto.
• Familiarity with NIST CSF or NIST 800-53 control frameworks.
• Background in SaaS, fintech, or healthcare environments with regulated data handling.
• Experience drafting Data Processing Agreements (DPAs) or Business Associate Agreements (BAAs).

Culture & Benefits

• Unlimited PTO, 12 holidays, and 2 floating holidays.
• 100% premiums coverage for medical, dental, and vision insurance (US).
• 401K plan (US) and international benefits provided via Remote.com.
• Annual stipends: $3,600 for WFH meals, $1,800 for professional enrichment, and $1,200 for lifestyle spending.
• $1,000 home office setup budget and $74 monthly internet reimbursement.
• Access to the Calm app for mental health and wellness.