Company hidden
13 hours ago

GRC Engineer (Fintech)

130 000 - 145 000$
Work format
hybrid
Employment type
fulltime
Grade
middle
English
b2
Country
US

Job description

TL;DR

GRC Engineer (Fintech): Building and automating compliance programs (SOC 2, ISO 27001, SOX) with an emphasis on continuous control monitoring and evidence collection. Focus on codifying control checks, integrating compliance workflows with cloud providers, and reducing manual audit effort through Python and API automation.

Location: Based in Chicago, IL (Hybrid: Tue-Thu in office). Not open to remote candidates.

Salary: $130,000 - $145,000 USD + 10% target bonus

Company

hirify.global is an industry-leading retail trading platform and futures broker empowering traders worldwide.

What you will do

  • Build and maintain automation for continuous control monitoring and evidence collection using scripts and APIs.
  • Integrate compliance workflows with cloud providers, identity systems, and CI/CD pipelines to automate data collection.
  • Lead and coordinate audits for SOC 2 (Type I and II), ISO 27001, and SOX, including scoping and evidence collection.
  • Identify, assess, and document organizational risks while maintaining the enterprise risk register.
  • Partner with Engineering and IT to evaluate the control impact of new systems, vendors, and architectural changes.
  • Translate complex compliance requirements into practical, engineering-focused guidance.

Requirements

  • 3–5 years of experience in GRC, IT audit, or security compliance.
  • Hands-on experience leading audits for SOC 2, ISO 27001, or SOX frameworks.
  • Proficiency in Python and working with REST APIs to automate evidence collection.
  • Experience with at least one major cloud platform (AWS, GCP, or Azure) and its security services.
  • Must be based in Chicago, IL.
  • Strong understanding of access management, change management, and SDLC controls.

Nice to have

  • Experience with Terraform (IaC) and CI/CD pipeline security.
  • SQL and data analysis skills for control sampling and evidence collection.
  • Certifications such as CISA, CISSP, CCSK, or ISO 27001 Lead Implementer.
  • Experience managing audit timelines directly with external auditors.

Culture & Benefits

  • Hybrid work schedule (Tue-Thu in office) with additional annual flex remote days.
  • 401k plan with a 3.5% company match.
  • Comprehensive health, vision, and dental coverage.
  • Generous PTO, 7 paid holidays, and 1 annual service day.
  • 100% company-covered life and disability insurance.
