Senior GRC Engineer

Remote, (Anywhere)
Product & Engineering – Engineering /
Full Time /

What will you do?

    • We seek a highly skilled, experienced, and self-motivated Senior GRC Engineer.

    • As a Senior GRC Engineer you will play a critical role in fortifying our security infrastructure, ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO27001, and implementing cutting-edge security practices like Policy as Code and Shift Left Security.

      Compliance and Standards:
    • Lead efforts to maintain and enhance compliance with industry standards, including SOC2 Type2, HIPAA, GDPR, ISO27001, and USDPI.
    • Stay updated with current regulatory changes and ensure our security practices align with evolving requirements.
    • Build a unified compliance framework (UCF) that captures cybersecurity, data protection, and business continuity risks.
    • Create policies and processes in collaboration with security engineers such that they comply with the UCF, covering cloud security, application security, endpoint security, and data privacy.
    • Set up a review of all policies in practice to ensure all policies are adhered to at all times. Review and validate if the approach/solution taken to address the security and privacy risks/policies is appropriate.
    • Data Privacy: To be able to guide various teams on data protection practices. Review legal documents related to security/privacy as and when required.
    • Be the subject matter expert (SME) for security and privacy compliance and address queries/scenarios that might arise from different departments.
    • Stay up to date with security compliance frameworks and best practices to contribute towards the overall security posture of Atlan.
    • Policy as a Code
    • Identify the opportunities for implementing Policy as a Code, to minimise manual intervention.
    • Partner with security engineers to drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.
    • Shift Left Security
    • Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
    • Partner with security engineers across Cloud Infra and IT team in driving implementation of shift left security practices, such as :Embedding security practices in SDLC & Cloud infrastructure.
    • Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.
    • GRC Tools
    • Utilise GRC tools such as Vanta, to streamline security processes and enhance efficiency.
    • Maintain a good security score on VANTA by coordinating with different stakeholders.
    • Evaluate and implement additional tools to support the automation of security tasks and assessments.
    • Training / Awareness
    • Create security and privacy training and awareness content and deliver training through creative and innovative means to create maximum impact.
    • Vendor and Client Security Assessment - Carry out assessments as and when required.
      ARR Improvement
    • Collaborate with stakeholders to enhance Annual Recurring Revenue (ARR) through improved security measures.
    • Implement security strategies that align with organizational goals and customer expectations.

What makes you a great match for us? 😍

    • Proven experience demonstrating a deep understanding of security frameworks (SOC 2, HIPAA, GDPR, ISO27001, USDPI) and Policy as Code
    • Experience identifying and driving the "Shift Left Security" culture
    • Proficiency with GRC automation tools (Vanta) and a strong understanding of ISO Security Standards
    • Excellent communication and collaboration skills – you'll be working closely with various teams across the organization
    • Adaptability to a flexible work environment with global stakeholders across different geos
    • Prior experience creating and implementing a Unified Compliance Framework (UCF) with a heavy focus on improving cyber security posture for SaaS organizations
    • High Ownership and ability to run multiple security projects simultaneously
    • Ability to go the extra mile being flexible to drive measurable improvements to Atlan's security posture keeping business objectives in mind.