
Senior Security Engineer, GRC Automation

Senior Security Engineer focused on GRC automation: building AI-assisted workflows, Drata integrations, and compliance automation infrastructure for SOC 2, ISO 27001, and NIST frameworks.

153k – 214k | United States | Security Engineering | Remote | 5+ YOE

About the role

Responsibilities

  • Lead the implementation and integration of the GRC platform (Drata), ensuring it is fully operationalized across key systems and workflows
  • Build out automated workflows for control testing, evidence collection, and audit readiness
  • Design and deploy AI-assisted compliance workflows — including agentic evidence collection, LLM-powered vendor questionnaire review, and automated control narrative drafting — with clear validation logic
  • Develop and maintain integrations between the GRC platform and systems of record (ticketing systems, IAM, asset inventories, configuration management)
  • Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility
  • Design dashboards and reporting to track control health, trust signals, and audit performance
  • Collaborate with Security, GRC, and Engineering teams to embed compliance into operational processes like employee onboarding, change management, and incident response
  • Own the roadmap for automated, resilient internal assurance infrastructure — setting priorities, making build vs. buy decisions, and communicating progress to GRC leadership

Requirements

  • 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
  • Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
  • Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
  • Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
  • Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53
  • Project management and delivery ownership — experience managing multi-workstream compliance or security projects end-to-end
  • Experience building AI-assisted workflows with LLMs, agentic tools, or automation pipelines to solve GRC or compliance problems
  • Confident in auditor-facing settings with ability to represent automation work clearly to external auditors and executive audiences

Nice-to-Haves

  • Hands-on experience with event-driven automation platforms like Tines
  • Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in Looker or Metabase
  • Strong understanding of cloud-native security architecture (AWS IAM, encryption, logging)
  • Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
  • Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks
  • CISA, CISSP, or equivalent certification

Skills

Python, JavaScript, APIs, Webhooks, Drata, Vanta, Tines, JupiterOne, SOC 2, ISO 27001, NIST 800-53, Looker, Metabase, AWS IAM, LLMs

Senior Security Engineer, Security Engineering & Operations

Design and build scalable cloud-native security data pipelines and detection systems. Collaborate on detection engineering and Kubernetes security controls while participating in on-call rotations.

153k – 270k | San Francisco, CA | Security Engineering | On-site | 5+ YOE | Go | GCP

Senior Security Engineer - GRC Controls and Audit

1Password is seeking a Senior Security Engineer to lead commercial audit programs, focusing on GRC controls and audit. This role involves defining and maintaining evidence libraries, executing control testing, and partnering with various teams to build durable evidence workflows, with an emphasis on AI-assisted automation.

153k – 214k | United States | Security Engineering | Remote | 5+ YOE | AI | Drata

Senior Developer, Product Security

Senior security-focused developer implementing new security features and secure libraries for iOS and hybrid apps at 1Password. Requires 5+ years of security development experience, 3+ years with iOS and Rust.

153k – 214k | United States | Security Engineering | Remote | 5+ YOE | FFI | HSM

Senior Security Research Scientist

Conducts internet-wide security research using scan data to identify trends, vulnerabilities, and threats. Analyzes large datasets with tools like BigQuery and Snowflake, partners with engineering teams, and shares insights publicly. Requires deep knowledge of internet protocols.

153k – 212k | San Francisco, CA +3 | Security Engineering | Remote | TLS | HTTP

Senior Developer (Windows), Product Security

Senior Developer builds Windows security features using Rust and other languages, develops secure libraries, resolves vulnerabilities, and leads secure coding practices. Requires 4+ years experience in Windows security development and cryptography.

153k – 214k | United States | Security Engineering | Remote | 4+ YOE | C# | Go