Senior GRC Engineer
Remote, (Anywhere)
Product & Engineering – Engineering /
Full Time /
Remote
What will you do?
- We seek a highly skilled, experienced, and self-motivated Senior GRC Engineer.
- Lead efforts to maintain and enhance compliance with industry standards, including SOC2 Type2, HIPAA, GDPR, ISO27001, and USDPI.
- Stay updated with current regulatory changes and ensure our security practices align with evolving requirements.
- Build a unified compliance framework (UCF) that captures cybersecurity, data protection, and business continuity risks.
- Create policies and processes in collaboration with security engineers such that they comply with the UCF, covering cloud security, application security, endpoint security, and data privacy.
- Set up a review of all policies in practice to ensure all policies are adhered to at all times. Review and validate if the approach/solution taken to address the security and privacy risks/policies is appropriate.
- Data Privacy: To be able to guide various teams on data protection practices. Review legal documents related to security/privacy as and when required.
- Be the subject matter expert (SME) for security and privacy compliance and address queries/scenarios that might arise from different departments.
- Stay up to date with security compliance frameworks and best practices to contribute towards the overall security posture of Atlan.
- Identify the opportunities for implementing Policy as a Code, to minimise manual intervention.
- Partner with security engineers to drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.
- Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
- Partner with security engineers across Cloud Infra and IT team in driving implementation of shift left security practices, such as :Embedding security practices in SDLC & Cloud infrastructure.
- Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.
- Utilise GRC tools such as Vanta, to streamline security processes and enhance efficiency.
- Maintain a good security score on VANTA by coordinating with different stakeholders.
- Evaluate and implement additional tools to support the automation of security tasks and assessments.
- Create security and privacy training and awareness content and deliver training through creative and innovative means to create maximum impact.
- Collaborate with stakeholders to enhance Annual Recurring Revenue (ARR) through improved security measures.
- Implement security strategies that align with organizational goals and customer expectations.
As a Senior GRC Engineer you will play a critical role in fortifying our security infrastructure, ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO27001, and implementing cutting-edge security practices like Policy as Code and Shift Left Security.
Compliance and Standards:
Policy as a Code
Shift Left Security
GRC Tools
Training / Awareness
Vendor and Client Security Assessment - Carry out assessments as and when required.
ARR Improvement
What makes you a great match for us? 😍
- Proven experience demonstrating a deep understanding of security frameworks (SOC 2, HIPAA, GDPR, ISO27001, USDPI) and Policy as Code
- Experience identifying and driving the "Shift Left Security" culture
- Proficiency with GRC automation tools (Vanta) and a strong understanding of ISO Security Standards
- Excellent communication and collaboration skills – you'll be working closely with various teams across the organization
- Adaptability to a flexible work environment with global stakeholders across different geos
- Prior experience creating and implementing a Unified Compliance Framework (UCF) with a heavy focus on improving cyber security posture for SaaS organizations
- High Ownership and ability to run multiple security projects simultaneously
- Ability to go the extra mile being flexible to drive measurable improvements to Atlan's security posture keeping business objectives in mind.