Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior GRC Engineer (Cybersecurity): Designing and operating GRC tooling, integrations, and AI-assisted workflows to scale automation across governance, risk, and compliance with an accent on continuous controls monitoring and automated evidence collection. Focus on leading end-to-end certifications like SOC 2 and FedRAMP and translating risk requirements into practical engineering solutions.
Location: San Francisco, California, United States. Must be in office 5 days a week
Salary: $180,000–$200,000
Company
Postman is the world’s leading API platform used by over 45 million developers to simplify the API lifecycle and streamline collaboration.
What you will do
- Design, build, and operate GRC automation for evidence collection, control testing, and compliance reporting.
- Develop integrations between GRC workflows and internal systems using code, low-code platforms, or AI-assisted tooling.
- Lead and own SOC 2, ISO 27001, HIPAA, and FedRAMP certification initiatives end-to-end.
- Drive continuous controls monitoring and automated evidence collection.
- Conduct technical risk assessments and implement controls with cross-functional stakeholders.
- Mentor team members and influence the overall GRC strategy.
Requirements
- 6+ years of cybersecurity GRC experience in high-growth technology environments.
- Proficiency in Python, JavaScript, or similar languages for production-grade automation.
- Deep knowledge of SOC 2, ISO 27001, HIPAA, GDPR, CCPA, and/or FedRAMP.
- Experience integrating GRC tooling with cloud platforms, identity, and asset management systems.
- Hands-on experience with AI-assisted workflows or LLM-powered tooling.
- Must be based in the San Francisco Bay Area and work in office 5 days a week.
Culture & Benefits
- Comprehensive medical coverage, flexible PTO, and wellness reimbursement.
- Monthly lunch stipend and wellness programs for physical and mental health.
- Inclusive culture valuing transparency and honest communication.
- Frequent team-building events and a donation-matching program.
- Flexible schedule within a collaborative in-person environment.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →