Conduct third-party risk assessments (TPRM), including vendor reviews, security questionnaires, and risk evaluations
Maintain and update security policies, standards, and procedures
Support compliance initiatives across frameworks (SOC 2, ISO 27001, HIPAA, NIST, etc.)
Perform internal risk assessments, control testing, and gap analyses
Identify manual, repetitive GRC processes and design automated solutions
Build and maintain automated evidence collection (via APIs, scripts, and integrations)
Implement continuous control monitoring (CCM) to replace point-in-time audits
Translate compliance requirements into technical controls and system configurations
Validate control effectiveness through automated testing and monitoring
Enable real-time or near-real-time risk visibility through dashboards and reporting systems
Work with Security Engineering to continuously audit configurations and remediate drift programmatically
Build scalable workflows for vendor risk assessments, re-assessments and tracking
Integrate vendor data into centralized risk systems
Automate intake, review, and monitoring processes for third-party security posture
Develop self-service audit evidence systems and dashboards
Partner with auditors to provide API-driven or system-generated evidence

Bachelor’s degree in Computer Science, Engineering, or related field (or equivalent experience)
3–6+ years in security engineering, GRC, GRC engineering, or cloud security roles
Strong experience with scripting/programming (Python, Go, or similar)
Hands-on experience with cloud platforms (AWS, Azure, or GCP)
Familiarity with Infrastructure as Code (Terraform, CloudFormation, etc.)
Deep understanding of security controls and how they map to compliance frameworks
Experience integrating APIs and building automation pipelines

GRC Engineer

Key skills