HighLevel is an AI-powered, all-in-one white-label sales and marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. The Security Engineer will be responsible for developing and maintaining GRC policies, leading compliance initiatives, and collaborating with various teams to ensure that security controls are effectively implemented.
Responsibilities:
- Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks
- Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking
- Partner with Security and Platform teams to ensure controls are technically implemented, not just documented
- Collaborate with Security Architecture and Engineering to validate whether exceptions meet security and compliance expectations
- Track, review, and periodically reassess approved exceptions to prevent long-term risk accumulation
- Partner with Procurement, Legal, and Application Security teams to assess vendor risk posture and define remediation or contractual security requirements
- Design scalable workflows for risk assessments, vendor reviews, evidence management, and control testing and reporting
- Deliver targeted GRC and security awareness training, including guidance on risk ownership, exception handling, and vendor security responsibilities
- Prepare risk, compliance, and third-party security posture reports for senior leadership
- Translate technical risks into business-impact language to support informed decision-making
- Perform business impact analysis and facilitate BCDR tabletop tests
Requirements:
- Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or a related field
- 4.5+ years of experience in GRC, risk management, or compliance, with exposure to technical security controls
- Strong understanding of security frameworks and standards (SOC 2, ISO 27001, NIST)
- Hands-on experience with technical risk assessments, exception management, and third-party security reviews
- Ability to interpret technical security data (architecture diagrams, cloud controls, access models)
- Strong analytical, documentation, and stakeholder communication skills
- Master's degree in a relevant field
- Certifications such as CISA, CRISC, CGEIT, CISSP, or equivalent
- Experience working with cloud-native or SaaS environments
- Familiarity with TPRM tooling, GRC automation platforms, and risk engineering workflows
- Knowledge of data protection and privacy regulations (GDPR, CCPA)