Senior Security Engineer – GRC Controls and Audit

1Password

Senior Security Engineer specializing in GRC Controls and Audit, leading commercial audit programs. Collaborating with GRC teams and external auditors to shape compliance efforts.

Posted 5/28/2026full-timeRemote • California • 🇺🇸 United StatesSenior💰 $153,000 - $214,000 per yearWebsite

About the role

Key responsibilities & impact

Partner directly with the Senior Manager of GRC to lead our commercial audit programs
Own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701
Help build the AI-assisted workflows and automation that make our audit programs more efficient
Directly lead technical audit walkthroughs
Define and maintain the evidence library
Execute deep-dive control testing and gap analysis

Requirements

What you’ll need

5+ years of experience in GRC, compliance, or audit, with a meaningful portion spent as an auditor
Deep hands-on experience with SOC 2 Type II; strong working knowledge of ISO 27001 and related standards (27017, 27018, 27701)
Demonstrated experience leading technical audit walkthroughs with external auditors
The ability to define what "good evidence" looks like for each control domain
Proven ability to design and execute control testing
Ability to work cross-functionally with Engineering, IT, Security, and People teams
Strong written and verbal communication skills
Experience with compliance automation platforms (Drata, Vanta, Secureframe, or equivalent)
A builder's instinct

Benefits

Comp & perks

health, dental, 401k and many others
generous paid time off
equity grant
participation in our incentive programs

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GRCcomplianceauditSOC 2 Type IIISO 27001ISO 27017ISO 27018ISO 27701control testinggap analysis

Soft Skills

leadershipcommunicationcross-functional collaborationanalytical thinkingproblem-solving