Staff GRC Engineer
Senior individual contributor leading GRC program maturity, control automation, data security governance, and AI governance for a SaaS food tech platform. Requires 8+ years in security compliance with strong automation and cross-functional influence skills.
What You'll Do
Lead control program maturity
- Design and maintain an auditable control framework that fits ezCater’s SaaS, cloud, data, and engineering environment.
- Shape and define ezCater’s AI Governance strategy with stakeholders across Legal, Data, Engineering, and IT domains.
- Define how key controls are implemented, tested, evidenced, and improved over time, with a strong bias toward reliability and highly automated, low- or no-friction evidence paths.
- Partner with internal and external audit stakeholders on control design, walkthroughs, exceptions, remediation, and readiness activities tied to SOX and related frameworks.
- Help rationalize overlapping control requirements across SOC 2, PCI, SOX, and internal policy expectations into a coherent operating model.
Build continuous control monitoring and automation
- Identify where quarterly or annual checks should become continuous or near-real-time monitoring, especially for high-value controls and failure-prone workflows.
- Partner with Security Engineering, IT, Data, and platform teams to automate control testing, evidence collection, validation, and recurring compliance workflows.
- Define the logs, metadata, dashboards, and signals needed to assess control health and make compliance more observable.
- Help shift the program from detective-only controls toward stronger preventive and engineering-embedded control patterns.
Expand data security policy and program quality
- Help define and mature data security policies, standards, and handling requirements so they are clear, enforceable, and tied to actual technical and operational practices.
- Partner with Data, Engineering, and business stakeholders to ensure data governance shows up in meaningful places such as access patterns, role design, labels, masking, retention, and evidence paths.
- Establish what a high-quality GRC program looks like by helping define operating cadences, ownership models, decision paths, metrics, and continuous improvement loops.
- Drive clearer documentation, standards, and guidance that both technical teams and auditors can use effectively.
Drive operational quality improvements
- Support day-to-day GRC and assurance work including control failures, remediation coordination, audit operations, and related follow-through.
- Improve the team’s ability to handle questionnaires, trust requests, vendor and partner reviews, and other recurring work through better structure, reusable materials, and smarter agentic workflows.
- Act as a practical partner to teams implementing or remediating controls.
Lead through influence and systems thinking
- Own a domain with high autonomy, lead cross-team efforts from start to finish, and improve the quality of systems, controls, and processes across that domain.
- Drive alignment across stakeholders with different incentives and constraints, making pragmatic decisions that balance risk, cost, and operational reality.
- Mentor others, improve documentation and knowledge sharing, and help raise the overall maturity of the Security Engineering & Compliance team and its partners.
What You Have
- 8+ years experience in security GRC, compliance, risk, or security program work in a SaaS or cloud-native environment, including meaningful ownership of control design, testing, and program improvement.
- Strong experience with security compliance frameworks and control domains such as ISO 27001, NIST CSF, SOC 2, ITGC, and PCI DSS, including how to translate framework requirements into controls that work in real systems and teams.
- Demonstrated ability to automate or instrument parts of a compliance or assurance program through scripting, APIs, dashboards, platform configuration, or other technical approaches.
- Experience implementing engineering guardrails that enforce compliance, using policy-as-code and infrastructure-as-code (for example, Terraform) or secure configuration of platform systems in cloud-hosted environments (AWS, GitHub, etc.).
- Experience building or improving data security governance, classification, handling rules, or related control practices across business systems, data platforms, or collaboration environments.
- Familiarity with governing and securing AI and agentic systems and the business processes they support.
- Strong written communication and cross-functional influence skills, with the ability to explain controls, trade-offs, and program expectations to both technical and non-technical audiences.
- Able to collaborate closely with engineers and technical teams to design controls as code, configuration, workflow, or monitoring instead of relying only on policy documents and manual checklists.
- Strong systems thinker who can break ambiguous governance problems into workable operating models, measurable outcomes, and implementation steps.
- Comfortable balancing strategic design work with operational execution when the program needs direct hands-on support.
- Someone who improves process quality, identifies gaps between teams, and drives implementation of better ways of working.
- Comfortable leveraging AI tooling and automated workflows to increase scale and velocity.
Nice To Have
- Experience with scaling a unified control framework across multiple governance and compliance frameworks.
- Experience with continuous control monitoring, policy-as-code, or GRC platforms and evidence tooling.
- Familiarity with AI governance or emerging technology risk, especially where governance needs to be translated into practical technical guardrails.
Compensation
- The national total target cash compensation range for this position, including base salary and bonus target, is $165,000–$210,000 annually.
Senior Privacy Engineer
Lead privacy engineering projects protecting user data across search, browser, and AI features. Own major privacy components, participate in audits, and mentor engineers using Go, Node.js, Python, or Perl.
Product Security Engineer
Product Security Engineer embedding into engineering workflows to conduct architecture reviews, threat modeling, and penetration testing coordination while serving as GCP security SME. Requires 5-7 years experience and strong GCP and Python skills.
Senior Product Security Engineer II
Senior security engineer focused on offensive security testing, penetration testing, and scaling security practices across Instacart's product suite. Requires 7+ years in security engineering or pentesting with experience in mobile, cloud, or AI security.
Senior Security Engineer, GRC
Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.