Company hidden
5 days ago

Senior Security Compliance Engineer (GRC)

Job type
fulltime
Grade
senior
English
c1
Country
US

Job description

TL;DR

Senior Security Compliance Engineer (GRC): Designing and optimizing automated compliance solutions for SOC 2, ISO 27001, and PCI frameworks with an emphasis on GRC automation and continuous control monitoring. Focus on building automated workflows using APIs and scripting to eliminate manual toil and scale security programs.

Location: Must be based in the United States

Company

An AI-first B2C CRM platform that empowers brands to cultivate customer relationships using first-party data.

What you will do

  • Design and maintain automated compliance workflows using scripting and APIs for SOC 2, ISO 27001, PCI, and SOX ITGCs.
  • Build and improve continuous control monitoring to provide real-time visibility into the company's compliance posture.
  • Implement and customize compliance automation platforms such as Drata, Vanta, or Anecdotes.
  • Partner with Engineering and Product teams to embed compliance-by-design into architecture decisions.
  • Identify opportunities to use AI and automation to eliminate manual toil and scale compliance programs.

Requirements

  • 3–5 years of experience in security compliance, GRC engineering, or security engineering.
  • Hands-on experience executing compliance programs for SOC 2, ISO 27001, ISO 27017, PCI, and/or SOX ITGCs.
  • Proficiency in Python, Go, or SQL for building automation and integrating REST APIs.
  • Strong understanding of AWS, Kubernetes, and cloud-native web application architectures.
  • Experience operating Compliance Automation platforms (e.g., Drata, Vanta, Anecdotes, HyperProof).
  • Must be based in the United States.

Nice to have

  • Experience implementing Identity Governance tools for user access reviews (UARs) and just-in-time access (JITA).
  • Prior experience in security operations, security engineering, or security architecture roles.
  • Familiarity with HIPAA, GDPR, CCPA, or NIS2 frameworks.

Culture & Benefits

  • Comprehensive health, welfare, and wellbeing benefits.
  • Participation in an annual cash bonus plan and equity opportunities.
  • Inclusive work environment that values unique backgrounds and diverse perspectives.
  • Emphasis on a "guardrails, not gates" philosophy to empower engineering teams.
  • Support for AI fluency and responsible use of AI tools.