
GRC Engineer I
Posted May 24

This is a fully remote position, open to applicants in India.
• Support Compliance Initiatives: Aid in the implementation and ongoing maintenance of cybersecurity compliance programs that align with SOC 2, ISO 27001, and other regulatory standards.
• Maintain Documentation: Create and revise cybersecurity policies, procedures, and control evidence to facilitate audits and assessments.
• Assist in Risk Mitigation: Collaborate with internal and external teams to identify, monitor, and assist in resolving cybersecurity risks and control deficiencies.
• Coordinate Project Tasks: Support various compliance projects by managing documentation, timelines, and deliverables under the guidance of senior staff.
• Communicate with Clients: Interact with clients through email, chat, and phone calls to collect evidence, clarify compliance requirements, and provide timely updates.
• Perform Control Testing: Execute basic control checks and assist in readiness reviews to ensure ongoing compliance with both internal and external standards.
• Collaborate Cross-Functionally: Work alongside IT, security, and operations teams to implement corrective measures and enhance compliance posture.
• Learn and Grow: Receive guidance from senior team members while contributing to the enhancement of processes, templates, and playbooks for compliance delivery.
• Strong organizational skills with the capacity to manage multiple cybersecurity compliance projects simultaneously.
• Exceptional written and verbal communication skills in English.
• Proven experience in direct client interaction in the US.
• Background in cybersecurity compliance, including familiarity with SOC 2, ISO 27001, or NIST CSF frameworks.
• Knowledge of creating and enforcing cybersecurity policies.
• Experience in a technology company with a focus on cybersecurity.
• Ability to thrive in a dynamic startup environment.
• Familiarity with Vanta or similar compliance automation tools (Nice to Have).
• Additional experience with frameworks such as GDPR, HIPAA, or PCI DSS (Nice to Have).
• Certifications such as ISO 27001 Lead Implementer, CISA, or Security+ (Nice to Have).
• Career Development: Clearly defined path with mentorship and training opportunities.
• Technical Training: Thorough onboarding on security and compliance frameworks.
• Competitive Compensation: A competitive base salary with regular performance evaluations tied to merit-based assessments and bonus opportunities.
• Growth Opportunity: Early-stage company with ample prospects for career advancement.
• Remote-First Culture: Flexibility to work from any location while collaborating with a global team.