Key skills
JavaScriptPythonAILLMAgenticLookerAWSIAMLeadershipProject ManagementChange ManagementCommunicationSales
About this role
1Password is a leading company focused on building a secure digital future, and they are seeking a Senior Security Engineer specializing in GRC Automation. The role involves designing and implementing automation for Governance, Risk, and Compliance operations, partnering with management to enhance security and privacy commitments through scalable solutions.
Responsibilities:
- Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
- Build out automated workflows for control testing, evidence collection, and audit readiness
- Design and deploy AI-assisted compliance workflows — including agentic evidence collection, LLM-powered vendor questionnaire review, and automated control narrative drafting — with clear validation logic built in
- Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
- Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility without sacrificing quality
- Design dashboards and reporting to track control health, trust signals, and audit performance
- Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
- Own the roadmap for automated, resilient internal assurance infrastructure — setting priorities, managing delivery across concurrent workstreams, communicating progress to GRC leadership, and making build vs. buy decisions that scale with the business
Requirements:
- 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
- Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
- Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
- Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
- Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations
- Project management and delivery ownership — experience managing multi-workstream compliance or security projects end-to-end: scoping, milestones, stakeholder communication, and on-time delivery
- Experience building AI-assisted workflows — you've worked with LLMs, agentic tools, or automation pipelines (beyond click-through tools) to solve a GRC or compliance problem and can walk through what you built, why, and how you validated the output
- Confident in auditor-facing settings — you have a commanding presence in technical walkthroughs and can represent your automation work clearly to external auditors, senior stakeholders, and executive audiences
- Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
- Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase
- Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
- Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
- Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks
- CISA, CISSP, or equivalent certification, or actively working toward one