Skip to content
ModalModalNew York, NY

Security GRC Specialist

Hands-on Security GRC Specialist owning compliance frameworks like SOC 2 and ISO 27001, driving audits, customer trust initiatives, and engineering collaborations to implement scalable security controls. Requires 3-7+ years experience with technical mindset in cloud environments.

150k – 270k/yr
Hybrid3+ YOESecurity Engineering

About the role

What You'll Do

Compliance & Security Programs

  • Own and operate compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.)
  • Drive audits end-to-end: readiness, evidence collection, auditor coordination
  • Continuously improve controls and reduce compliance overhead through automation

Customer Trust & Sales Enablement

  • Lead responses to customer security questionnaires, RFPs, and due diligence requests
  • Partner with Sales and Customer Success to unblock deals and build trust
  • Develop and maintain security documentation (trust center, whitepapers, FAQs)

Engineering Collaboration

  • Work directly with engineering teams to design and implement practical security controls
  • Translate compliance requirements into technical, scalable solutions
  • Identify gaps and drive remediation projects (not just report them)

Risk & Governance

  • Run risk assessments across systems, vendors, and processes
  • Maintain policies and standards, but keep them lightweight and actionable
  • Track and report on security posture and compliance status

Process & Tooling

  • Improve how we manage compliance (evidence collection, control mapping, automation)
  • Evaluate and implement GRC/security tools where appropriate

Requirements

Core Experience

  • 3–7+ years in security GRC, compliance, or security engineering-adjacent roles
  • Hands-on experience with frameworks like SOC 2, ISO 27001, or similar
  • Experience supporting audits and customer-facing security conversations

Technical Mindset (Important)

  • Comfortable working with engineers and understanding systems (cloud, infra, APIs, etc.)
  • Ability to translate between compliance language and technical implementation
  • Experience with modern cloud environments (AWS/GCP/Azure) is a strong plus

Execution & Ownership

  • Proactive and hands-on—you drive changes, not just track them
  • Able to balance rigor with pragmatism in a fast-moving environment
  • Strong communication skills, especially with customers and cross-functional teams

Bonus

  • Experience building or scaling a GRC program from early stages
  • Familiarity with automation in compliance workflows
  • Background in security engineering or DevOps

Skills

SOC 2ISO 27001GDPRAWSGCPAzureGrc ToolsCloud InfrastructureAutomationDevOps
Mercor

Software Engineer, Identity

MercorSan Francisco, CA

Build and scale Mercor's novel identity and access management infrastructure across thousands of Slack workspaces and HR systems for a 100k+ expert network. Requires strong product engineering, large-scale distributed systems experience, and security-minded design instincts.

150k – 325k/yr
On-site5+ YOESecurity Engineering
AKASA

IT Security Operations Engineer

AKASASan Francisco, CA

IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.

150k – 190k/yr
Hybrid4+ YOESecurity Engineering
Novig

Security Engineer

NovigNew York, NY

Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.

150k – 200k/yr
On-site5+ YOESecurity Engineering
Fal

Governance, Risk & Compliance Engineer

FalSan Francisco, CA

GRC Engineer responsible for designing and improving governance, risk management, and compliance programs at a generative AI platform company. Manage certifications (SOC 2, ISO 27001, GDPR), lead risk assessments, support customer security reviews, and develop automation for cloud and AI infrastructure controls.

150k – 250k/yr
On-site5+ YOESecurity Engineering
GitLab

Manager, Security Incident Response Team (USA)

GitLabUnited States

Leads the Security Incident Response Team in the Americas, managing engineers through threat hunting, investigations, triage, and large-scale responses while coaching performance and driving process improvements using AI and automation.

150k – 235k/yr
RemoteSecurity Engineering