Skip to content
TemporalTemporalUnited States

Senior Security Engineer, GRC

Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.

180k – 225k
Remote8+ YOESecurity Engineering

About the role

What You'll Do

  • Own the intake, prioritization, and completion of all inbound customer security questionnaires, RFPs, and due diligence requests including SIG, CAIQ, and custom enterprise questionnaires with a commitment to accuracy, thoroughness, and turnaround time.
  • Serve as the primary customer-facing representative for security and compliance, leading calls and meetings with enterprise customers, prospects, and their security or procurement teams.
  • Build and maintain a comprehensive, evergreen response library for common security and compliance questions, reducing duplication of effort and ensuring consistency across all customer engagements.
  • Build and maintain automations to continuously validate the organization's compliance posture across key frameworks including SOC2 Type II, ISO 27001, and HIPAA, coordinating evidence collection, managing external auditor relationships, and driving readiness for annual assessments.
  • Build dashboards and reporting pipelines that provide leadership with real-time visibility into compliance posture, open risks, and program health.
  • Design and automate the third-party risk assessment process, including vendor tiering logic, questionnaire workflows, and continuous monitoring for critical vendors.
  • Perform ongoing risk assessments and maintain a risk register that reflects the current threat and compliance landscape, escalating material findings to leadership with clear remediation recommendations.
  • Conduct third-party vendor risk assessments, including use case-specific risk analysis, ongoing tiering and monitoring, and implementation recommendations.
  • Author, maintain, and operationalize security policies and procedures; track employee acknowledgments and manage exceptions through to resolution.
  • Coordinate and participate in customer security review meetings, including onsite or virtual sessions with enterprise security, legal, and procurement stakeholders.
  • Collaborate cross-functionally with Engineering, Legal, and Product to gather documentation, validate control descriptions, and resolve compliance gaps surfaced through customer inquiries.

What You'll Bring

  • 8+ years of experience in GRC, information security compliance, or a closely related field.
  • Deep, hands-on experience with at least two major compliance frameworks (SOC2, ISO 27001, HIPAA, PCI-DSS, or FedRAMP), including direct involvement in audits and assessments.
  • Proven track record managing high volumes of security questionnaires and enterprise due diligence requests, including SIG and CAIQ formats.
  • Strong understanding of the security program’s influence on company revenue and a partnership mindset with the Go To Market function.
  • Scripting and automation fluency (Python, Bash, or similar) and a track record of building tools, not just spreadsheets.
  • Strong customer-facing communication skills, you are equally comfortable presenting to a CISO, walking a procurement team through a control matrix, or discussing technical security controls with customer engineering leaders.
  • Solid understanding of risk management principles, with hands-on experience performing risk assessments and maintaining a risk register.
  • Ability to translate technical security controls into clear, business-appropriate language for non-technical audiences including customers, legal teams, and executives.
  • Strong organizational skills and the ability to manage multiple concurrent questionnaire engagements, each with distinct deadlines and stakeholder requirements.
  • Bachelor's degree in Information Security, Computer Science, Business, or a related field (or equivalent experience).

Nice to Have

  • Security certifications: CISSP, CISM, CRISC, CISA, or CCSP.
  • Experience with GRC platforms such as Vanta, Drata, Sprinto, or similar.
  • Familiarity with NIST CSF or NIST 800-53 control frameworks.
  • Background in SaaS, fintech, or healthcare environments with regulated data handling requirements.
  • Experience drafting or reviewing Data Processing Agreements (DPAs), Business Associate Agreements (BAAs), or security-related contract language.
  • Experience supporting FedRAMP authorization or state-level public sector compliance programs.

Compensation

  • The estimated pay range for this role is $180,000 - $225,000, depending on qualifications and location.
  • This role is eligible to participate in Temporal's equity plan.

Benefits

  • Unlimited PTO, 12 Holidays + 2 Floating Holidays
  • 100% Premiums Coverage for Medical, Dental, and Vision
  • AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
  • Empower 401K Plan
  • Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!

Skills

PythonBashSOC 2ISO 27001HIPAAPci-DssFedRAMPNist CsfNist 800-53VantaDrataSprintoCisspCismCrisc
Postman

Senior GRC Engineer

PostmanSan Francisco, CA

Senior GRC Engineer responsible for designing, building, and operating automation, integrations, and AI-assisted workflows across governance, risk, and compliance. Leads compliance initiatives including SOC 2, ISO 27001, HIPAA, and FedRAMP while partnering with cross-functional teams to improve security assurance and audit readiness.

180k – 200k
On-site6+ YOESecurity Engineering
Monarch

Senior Application Security Engineer

MonarchUnited States

Senior Application Security Engineer embedded with product and engineering teams at Monarch, a personal finance platform. Conduct AppSec reviews, SAST/DAST, vulnerability management, and AI security for LLM features on Django/Python stack. Requires 5+ years in security engineering with Python and web security expertise.

180k – 215k
Remote5+ YOESecurity Engineering
Kaizen Labs

Senior Security Engineer

Kaizen LabsNew York, NY

Own end-to-end security architecture, compliance (FedRAMP, CMMC), and secure supply chain practices for a federal-focused government platform on AWS. Lead technical readiness and drive secure-by-default engineering in an early-stage environment.

180k – 220k
Hybrid5+ YOESecurity Engineering
Lumin Digital

Manager, Network Security

Lumin DigitalUnited States

Lead and build a new network security function at a fintech company, managing a team of engineers, setting technical direction for cloud-native network security architecture, and establishing automated, identity-aware security controls across cloud, SD-WAN, and ZTNA environments.

180k – 200k
Remote7+ YOESecurity Engineering
Valon

Senior Security Engineer, Identity & Access Management

ValonNew York, NY +1

Designs, implements, and operates enterprise IAM systems for workforce and customer-facing authentication in ValonOS, including IdP management, secure protocols, cloud IAM, and AI-assisted workflows. Requires 5+ years IAM experience, deep protocol expertise, and IdP hands-on skills.

180k – 230k
Remote5+ YOESecurity Engineering