
Senior GRC Engineer
Posted 5 hours ago

This is a fully remote position, open to applicants in the United States.
• Design and implement frameworks for policy-as-code and compliance-as-code.
• Automate the testing of controls and evidence collection using cloud and CI/CD telemetry.
• Integrate Governance, Risk, and Compliance (GRC) processes with engineering tools and workflows.
• Create reusable tools and internal platforms for scalable, self-service compliance.
• Develop and deploy production-grade automation utilizing LLMs and AI tools (e.g., for control mapping, evidence analysis, and anomaly detection).
• Take ownership of the design, development, and upkeep of core GRC automation systems and services.
• Establish Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) utilizing engineering and cloud data.
• Assist in risk quantification efforts using frameworks like FAIR.
• Maintain and enhance the security risk register.
• Utilize data modeling and AI techniques to detect emerging risks and minimize false positives.
• Create automated risk scoring and prioritization models based on real-time engineering and security data.
• Lead and assist in audits including SOC 2, ISO 27001, ISO 27701, FedRAMP, and CJIS.
• Establish automated audit readiness and continuous compliance processes.
• Act as a primary point of contact for both internal and external auditors.
• Collaborate with Product and Engineering teams on security and privacy requirements.
• Support customer security reviews, Requests for Information (RFIs), and trust center initiatives.
• Work alongside Legal and Privacy teams to ensure regulatory alignment.
• Automate vendor assessments through AI-assisted questionnaire analysis and response validation.
• Develop workflows to ingest, analyze, and assess third-party risk data at scale.
• A minimum of 5 years of experience in GRC, security engineering, or related fields.
• Proven experience in cloud-native environments, particularly with AWS.
• Experience in supporting audits such as SOC 2, ISO 27001, or similar standards.
• Relevant certifications such as CISA, CRISC, FAIR, AWS Security Specialty, or ISO 27001/42001 Lead Auditor certifications are advantageous.
• Experience in integrating security and compliance into CI/CD pipelines.
• Proficiency in working with APIs, automation tools, or scripting languages.
• Experience in implementing frameworks for policy-as-code, compliance-as-code, or security-as-code.
• Familiarity with tools such as Terraform, CloudFormation, or similar Infrastructure as Code (IaC) frameworks.
• A mindset focused on systems and scalability rather than manual tasks, aiming to automate repetitive work wherever feasible.
• A curiosity for and experience in applying AI to operational issues, particularly in security or compliance.
• Comfort in experimenting with emerging technologies and rapidly changing tools.
• A solid understanding of frameworks such as SOC 2 Type II, NIST 800-53, ISO 27001, and CJIS.
• Ability to translate regulatory requirements into technical controls effectively.
• An automation-first mindset.
• Strong problem-solving abilities and a sense of ownership.
• Ability to balance security, compliance, and business requirements effectively.
• Ability to collaborate successfully with engineering, security, and business stakeholders.
• Flexible Paid Time Off (PTO): We provide non-accrual PTO, in addition to 11 company holidays.
• Comprehensive health benefits plan for employees: this includes Medical, Dental, Vision, and an HSA match.
• Family Leave: All employees are entitled to 12 weeks of 100% paid parental leave. Birthing parents may receive an additional 6-8 weeks for physical recovery.
• Fertility & Family Benefits: We have partnered with Maven, offering a complete digital health benefit for starting and raising a family. Flock will provide a $50,000 lifetime maximum benefit for eligible adoption, surrogacy, or fertility expenses.
• Spring Health: A variety of mental health benefits provided by Spring Health, including therapy, coaching, medication management, and digital tools tailored to individual needs.
• Caregiver Support: We have collaborated with Cariloop to offer caregiver support for our employees.
• Carta Tax Advisor: Employees benefit from 1:1 sessions with Equity Tax Advisors who can assist with individual grants, model tax scenarios, and answer general queries.
• Employee Resource Groups (ERGs): We strive for all employees to thrive and feel a sense of belonging at Flock. We currently offer four ERGs - Women of Flock, Flock Proud, LEOs, and Melanin Motion. If you wish to connect with a representative from any of these groups, please inform your recruiter.
• Work From Home (WFH) Stipend: A monthly stipend of $150 to cover home office expenses.
• Productivity Stipend: An annual stipend of $300 to use on platforms such as Audible, Calm, Masterclass, Duolingo, and more.
• Home Office Stipend: A one-time stipend of $750 to assist you in creating your ideal office setup.