Offchain Labs is a pioneer in blockchain scalability and security, leading the transformation of decentralized applications. The Senior Security Engineer (GRC) will define and improve the company's security posture through governance, policies, and risk management, collaborating across teams to ensure compliance and security standards are met.
Responsibilities:
- Develop and enforce security policies, standards, and procedures organization-wide
- Ensure the company is audit-ready and responsive to any regulatory changes
- Establish and clearly communicate data privacy and data-handling standards to internal teams as well as external partners and stakeholders
- Track, document, and report on the status of security controls, ongoing audits, and all related compliance activities
- Play an active part in designing, launching, and continuously refining the company’s overall information security governance program
- Work closely with security, engineering, infrastructure, and product teams to make sure controls fit both business objectives and technical realities
- Promote security awareness and build a strong culture of shared risk responsibility through focused training and straightforward communication
- Support both internal and external audits by coordinating evidence gathering, preparing materials, and ensuring findings are addressed quickly and thoroughly
Requirements:
- 5+ years of experience in a security engineering, governance, or risk management role
- Solid understanding of AWS or other cloud vendors
- Strong understanding of core information security concepts and major regulatory frameworks/standards (e.g. SOC 2, ISO 27001, NIST CSF)
- Hands-on experience with standard risk assessment approaches and supporting tools
- Direct experience drafting and updating security policies
- Ability to translate complex regulatory and technical obligations into straightforward, actionable internal processes
- Strong communication skills that work well with both technical and non-technical audiences
- Excellent written and verbal communication skills, with the ability to present complex technical details as clear, risk-focused recommendations