# Security GRC Specialist
**Company:** [Modal](https://hotfix.jobs/companies/modal)
**Location:** New York, NY, San Francisco, CA
**Salary:** $150K-$270K
**Experience:** 3+ years
**Skills:** SOC 2, ISO 27001, GDPR, AWS, GCP, Azure, GRC Tools, Cloud Infrastructure, Automation, DevOps
**Posted:** 2026-04-21
> Hands-on Security GRC Specialist owning compliance frameworks like SOC 2 and ISO 27001, driving audits, customer trust initiatives, and engineering collaborations to implement scalable security controls. Requires 3-7+ years of experience and a technical mindset in cloud environments.
## Job Description
## What You'll Do

### Compliance & Security Programs
- Own and operate compliance frameworks (e.g., SOC 2, ISO 27001, GDPR)
- Drive audits end-to-end: readiness, evidence collection, auditor coordination
- Continuously improve controls and reduce compliance overhead through automation

### Customer Trust & Sales Enablement
- Lead responses to customer security questionnaires, RFPs, and due diligence requests
- Partner with Sales and Customer Success to unblock deals and build trust
- Develop and maintain security documentation (trust center, whitepapers, FAQs)

### Engineering Collaboration
- Work directly with engineering teams to design and implement practical security controls
- Translate compliance requirements into technical, scalable solutions
- Identify gaps and drive remediation projects (not just report them)

### Risk & Governance
- Run risk assessments across systems, vendors, and processes
- Maintain policies and standards, but keep them lightweight and actionable
- Track and report on security posture and compliance status

### Process & Tooling
- Improve how we manage compliance (evidence collection, control mapping, automation)
- Evaluate and implement GRC/security tools where appropriate

## Requirements

### Core Experience
- 3–7+ years in security GRC, compliance, or security engineering-adjacent roles
- Hands-on experience with frameworks like SOC 2, ISO 27001, or similar
- Experience supporting audits and customer-facing security conversations

### Technical Mindset (Important)
- Comfortable working with engineers and understanding systems (cloud, infra, APIs, etc.)
- Ability to translate between compliance language and technical implementation
- Experience with modern cloud environments (**AWS**/**GCP**/**Azure**) is a strong plus

### Execution & Ownership
- Proactive and hands-on—you drive changes, not just track them
- Able to balance rigor with pragmatism in a fast-moving environment
- Strong communication skills, especially with customers and cross-functional teams

## Bonus
- Experience building or scaling a GRC program from early stages
- Familiarity with automation in compliance workflows
- Background in security engineering or DevOps
**Apply:** https://hotfix.jobs/jobs/security-grc-specialist-at-modal-d887ca52-e5ca-4595-9eaa-10fd63d172b6