# Staff GRC Engineer

**Company:** [ezCater](https://hotfix.jobs/companies/ezcater)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $165k – $210k/yr
**Experience:** 8+ years
**Skills:** GRC, SOC 2, Pci-Dss, Sox, ISO 27001, Nist Csf, Policy-As-Code, Terraform, AWS, GitHub, Data Security Governance, Ai Governance, Continuous Control Monitoring, Compliance Automation, Scripting
**Posted:** 2026-06-16

> Senior individual contributor leading GRC program maturity, control automation, data security governance, and AI governance for a SaaS food tech platform. Requires 8+ years in security compliance with strong automation and cross-functional influence skills.

## Job Description

## What You'll Do

### Lead control program maturity
- Design and maintain an auditable control framework that fits ezCater’s SaaS, cloud, data, and engineering environment.
- Shape and define ezCater’s AI Governance strategy with stakeholders across Legal, Data, Engineering, and IT domains.
- Define how key controls are implemented, tested, evidenced, and improved over time, with a strong bias toward reliability and highly-automated, low/no friction evidence paths.
- Partner with internal and external audit stakeholders on control design, walkthroughs, exceptions, remediation, and readiness activities tied to SOX and related frameworks.
- Help rationalize overlapping control requirements across SOC 2, PCI, SOX, and internal policy expectations into a coherent operating model.

### Build continuous control monitoring and automation
- Identify where quarterly or annual checks should become continuous or near-real-time monitoring, especially for high-value controls and failure-prone workflows.
- Partner with Security Engineering, IT, Data, and platform teams to automate control testing, evidence collection, validation, and recurring compliance workflows.
- Define the logs, metadata, dashboards, and signals needed to assess control health and make compliance more observable.
- Help shift the program from detective-only controls toward stronger preventive and engineering-embedded control patterns.

### Expand data security policy and program quality
- Help define and mature data security policies, standards, and handling requirements so they are clear, enforceable, and tied to actual technical and operational practices.
- Partner with Data, Engineering, and business stakeholders to ensure data governance shows up in meaningful places such as access patterns, role design, labels, masking, retention, and evidence paths.
- Establish what a high-quality GRC program looks like by helping define operating cadences, ownership models, decision paths, metrics, and continuous improvement loops.
- Drive clearer documentation, standards, and guidance that both technical teams and auditors can use effectively.

### Drive operational quality improvements
- Support day-to-day GRC and assurance work including control failures, remediation coordination, audit operations, and related follow-through.
- Improve the team’s ability to handle questionnaires, trust requests, vendor and partner reviews, and other recurring work through better structure, reusable materials, and smarter agentic workflows.
- Act as a practical partner to teams implementing or remediating controls.

### Lead through influence and systems thinking
- Own a domain with high autonomy, lead cross-team efforts from start to finish, and improve the quality of systems, controls, and processes across that domain.
- Drive alignment across stakeholders with different incentives and constraints, making pragmatic decisions that balance risk, cost, and operational reality.
- Mentor others, improve documentation and knowledge sharing, and help raise the overall maturity of the Security Engineering & Compliance team and its partners.

## What You Have
- 8+ years experience in security GRC, compliance, risk, or security program work in a SaaS or cloud-native environment, including meaningful ownership of control design, testing, and program improvement.
- Strong experience with security compliance frameworks such as ISO-27001, NIST CSF, SOC 2, ITGC, and PCI-DSS, including how to translate framework requirements into controls that work in real systems and teams.
- Demonstrated ability to automate or instrument parts of a compliance or assurance program through scripting, APIs, dashboards, platform configuration, or other technical approaches.
- Implementation of engineering system guardrails for ensuring compliance utilizing Policy-as-Code (Terraform) or secure configurations of platform systems within cloud hosted environments (AWS, GitHub, etc.).
- Experience building or improving data security governance, classification, handling rules, or related control practices across business systems, data platforms, or collaboration environments.
- Familiarity with governing and securing AI/Agentic systems and business processing.
- Strong written communication and cross-functional influence skills, with the ability to explain controls, trade-offs, and program expectations to both technical and non-technical audiences.
- Able to collaborate closely with engineers and technical teams to design controls as code, configuration, workflow, or monitoring instead of relying only on policy documents and manual checklists.
- Strong systems thinker who can break ambiguous governance problems into workable operating models, measurable outcomes, and implementation steps.
- Comfortable balancing strategic design work with operational execution when the program needs direct hands-on support.
- Someone who improves process quality, identifies gaps between teams, and drives implementation of better ways of working.
- Comfortable leveraging AI tooling and automated workflows to increase scale and velocity.

## Nice To Have
- Experience with scaling a unified control framework across multiple governance and compliance frameworks.
- Experience with continuous control monitoring, policy-as-code, or GRC platforms and evidence tooling.
- Familiarity with AI governance or emerging technology risk, especially where governance needs to be translated into practical technical guardrails.

## Compensation
- The national total target cash compensation range for this position, including base salary and bonus target, is $165,000–$210,000 annually.

## Similar roles

- [Staff Cloud Security Engineer](https://hotfix.jobs/jobs/6a451f05-66c1-47b9-92e0-766e35c909aa) - Huntress - Remote - $165k – $193k/yr
- [Sr. Staff System Security Engineer](https://hotfix.jobs/jobs/50fb66cc-9ede-4741-a21c-d4699d9986af) - Shield AI - Dallas, TX - $170k – $250k/yr
- [Senior Staff Cybersecurity Engineer, Platform Security](https://hotfix.jobs/jobs/31cc7390-ce3b-4bd2-b438-7d88f0d029a1) - Shield AI - San Diego, CA - $160k – $240k/yr
- [Staff IAM Engineer](https://hotfix.jobs/jobs/7a722d47-b173-4ffc-9981-f10ed9f3ce9c) - Ironclad - San Francisco, CA - $170k – $190k/yr
- [Staff Risk Analyst](https://hotfix.jobs/jobs/4cda1e53-3f5f-4061-942a-18998b2b4c45) - Earnin - Remote - $170k – $210k/yr

**Apply:** https://hotfix.jobs/jobs/f6da6721-0570-4815-bd0b-c83a342c4241
**Canonical:** https://hotfix.jobs/jobs/f6da6721-0570-4815-bd0b-c83a342c4241