Senior Security Engineer – GRC Controls and Audit
Job Description:
- Partner directly with the Senior Manager of GRC to lead our commercial audit programs
- Own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701
- Help build the AI-assisted workflows and automation that make our audit programs more efficient
- Directly lead technical audit walkthroughs
- Define and maintain the evidence library
- Execute deep-dive control testing and gap analysis
Requirements:
- 5+ years of experience in GRC, compliance, or audit, with a meaningful portion spent as an auditor
- Deep hands-on experience with SOC 2 Type II; strong working knowledge of ISO 27001 and related standards (27017, 27018, 27701)
- Demonstrated experience leading technical audit walkthroughs with external auditors
- The ability to define what "good evidence" looks like for each control domain
- Proven ability to design and execute control testing
- Ability to work cross-functionally with Engineering, IT, Security, and People teams
- Strong written and verbal communication skills
- Experience with compliance automation platforms (Drata, Vanta, Secureframe, or equivalent)
- A builder's instinct
Benefits:
- health, dental, 401k and many others
- generous paid time off
- equity grant
- participation in our incentive programs