Responsibilities
- Drive critical GRC processes that mitigate risk, maintain compliance, and build trust with customers and partners.
- Evolve the technical foundation of the Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes.
- Translate regulatory requirements into technical solutions and build automation that eliminates manual toil.
- Leverage understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks to design controls for emerging requirements and mature existing programs through automation and continuous monitoring.
- Support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives.
- Work with Engineering, Infrastructure, and Product teams to translate compliance frameworks into technical controls and build automated systems.
- Design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics.
- Implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).
- Collaborate cross-functionally to implement controls that enable growth while communicating technical concepts effectively.
Requirements
- 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
- Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
- Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. Ability to read code, design integrations, and understand technical implementations.
- Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics.
- Exceptional cross-functional collaboration and communication skills. Ability to translate complex compliance requirements into technical specifications and influence stakeholders.
- Strong systems thinking to design scalable GRC architectures.
- Bias for action; self-starter who ships solutions quickly and iterates based on feedback.
Nice-to-Haves
- Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
- Hands-on experience with Tines or other SOAR platforms to automate security operations.
- Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
- Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
- Relevant industry certifications such as CISSP, CISA, or CCSP.
- Experience building metrics dashboards for security visualization and reporting.
- Active contributions to the GRC or Security community through open-source projects or public research.
Compensation
The expected salary range for this role is $153,600 - $192,000. The starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.