
Senior Security Engineer, GRC
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Take ownership of the intake, prioritization, and execution of all incoming customer security questionnaires, RFPs, and due diligence requests, including SIG, CAIQ, and tailored enterprise questionnaires, ensuring accuracy, thoroughness, and prompt turnaround.
• Act as the main customer-facing representative for security and compliance, facilitating calls and meetings with enterprise customers, potential clients, and their security or procurement teams.
• Develop and sustain a comprehensive, ongoing response library for common security and compliance inquiries, minimizing duplicate efforts and ensuring consistency across all customer interactions.
• Create and manage automations that continuously validate the organization's compliance status across key frameworks such as SOC2 Type II, ISO 27001, and HIPAA, overseeing evidence collection, managing relationships with external auditors, and preparing for annual assessments.
• Design dashboards and reporting systems that offer leadership real-time insights into compliance status, existing risks, and program health.
• Develop and automate the third-party risk assessment process, encompassing vendor tiering logic, questionnaire workflows, and continuous monitoring for critical vendors.
• Conduct ongoing risk assessments and maintain a risk register that reflects the current threat and compliance environment, escalating significant findings to leadership along with clear remediation suggestions.
• Execute third-party vendor risk evaluations, including use-case-specific risk analysis, ongoing tiering and monitoring, and implementation recommendations.
• Write, maintain, and operationalize security policies and procedures; track employee acknowledgments and manage exceptions until resolved.
• Organize and engage in customer security review meetings, including onsite or virtual sessions with enterprise security, legal, and procurement stakeholders.
• Collaborate with cross-functional teams including Engineering, Legal, and Product to gather documentation, validate control descriptions, and address compliance gaps identified through customer inquiries.
• Over 8 years of experience in GRC, information security compliance, or a closely related field.
• Extensive hands-on experience with at least two major compliance frameworks (SOC2, ISO 27001, HIPAA, PCI-DSS, or FedRAMP), including direct participation in audits and assessments.
• Demonstrated success in managing large volumes of security questionnaires and enterprise due diligence requests, including SIG and CAIQ formats.
• Strong understanding of how the security program impacts company revenue and a collaborative mindset toward the Go-To-Market function.
• Proficiency in scripting and automation (Python, Bash, or similar) and a history of developing tools beyond just spreadsheets.
• Excellent customer-facing communication skills; comfortable presenting to a CISO, guiding a procurement team through a control matrix, or discussing technical security controls with customer engineering leaders.
• Solid grasp of risk management principles, with practical experience in conducting risk assessments and maintaining a risk register.
• Capable of translating technical security controls into clear, business-relevant language for non-technical audiences, including customers, legal teams, and executives.
• Strong organizational skills and the ability to manage multiple concurrent questionnaire engagements, each with unique deadlines and stakeholder requirements.
• Bachelor's degree in Information Security, Computer Science, Business, or a related field (or equivalent experience).
• Unlimited PTO, 12 Holidays + 2 Floating Holidays
• 100% Premiums Coverage for Medical, Dental, and Vision
• AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
• Empower 401K Plan
• Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend, and more!