FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Senior GRC Engineer
AircallSenior GRC Engineer responsible for designing and operating governance, risk & compliance controls. Working within the Security Engineering team at an AI-powered customer communications platform.
Posted 7/14/2026full-timeNew York City • New York • 🇺🇸 United StatesSenior💰 $180,000 - $200,000 per yearWebsite
Core Competencies
Role fitCore Competencies
Use this summary to align your resume positioning with the role.
Demonstrates expertise in security compliance and risk management, with a strong focus on SOC 2, ISO 27001, NIST, and GDPR. Proficient in automating compliance processes and integrating GRC platforms to enhance security operations and audit readiness.
Highest-signal resume keywords
SOC 2 ComplianceISO 27001 ImplementationGRC Platform Integration (Drata)Python ProgrammingCloud Security (AWS)
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
Compliance AutomationRisk Management FrameworksAudit ReadinessControl MonitoringIncident Response
Soft Skills
Strong Written CommunicationCollaboration with Cross-Functional Teams
Tools & Technologies
AWSTerraformCI/CD PipelinesAI ToolsJira
Certifications & Qualifications
CISACISSPISO 27001 LI/LA
Industry Keywords
GDPRVendor Security AssessmentSecurity PoliciesSecurity Awareness TrainingCompliance-as-Code
Tech Stack
Tools & technologiesAWSCloudGoGoogle Cloud PlatformPythonSDLCTerraform
About the role
Key responsibilities & impact- Design, implement, and operate technical controls that satisfy SOC 2, ISO 27001, NIST, and GDPR requirements across our cloud (AWS), SaaS, and corporate environments.
- Build and maintain integrations between our GRC platform (Drata) and source systems — IdP, cloud providers, ticketing, code repositories, HRIS, endpoint management — to automate evidence collection and continuous control monitoring.
- Engineer "compliance-as-code" workflows: codify policies and controls, automate drift detection, and surface failing controls back to owning teams via Jira, Slack, or dashboards.
- Support and progressively automate audit readiness: SOC 2 Type II, ISO 27001 (and any future certifications such as HIPAA, FedRAMP, PCI as the strategy evolves), preparing evidence, walking auditors through controls, and remediating findings.
- Operate the enterprise risk register day-to-day: run risk assessments, track mitigations, and produce reporting that helps leadership make decisions.
- Build and run the technical side of the vendor security program — questionnaire automation, tiering, evidence review, and ongoing monitoring of critical vendors.
- Partner with IT, Product, and Engineering to embed security and compliance requirements into the SDLC, change management, access reviews, and infrastructure provisioning.
- Contribute to incident response from the GRC side: maintain runbooks and policies, ensure regulatory and contractual notification timelines are met, and capture evidence and lessons learned.
- Partner with Legal/Privacy on GDPR obligations, data residency, DPAs, and customer security commitments.
- Help mature security awareness and training — measuring effectiveness, not just running it.
- Author and maintain security policies and standards in clear, accurate language that engineers will actually read.
- Promote a security-first culture across all functions, ensuring employees understand their role in protecting company and customer data.
Requirements
What you’ll need- 5+ years in security, with at least 2–3 years in a GRC engineering, security engineering, or compliance automation role at a SaaS or cloud-native company.
- Strong working knowledge of SOC 2, ISO 27001, NIST CSF / 800-53, and GDPR, and what it takes to actually operate (not just pass) them.
- Hands-on experience with a modern GRC platform (Ideally Drata) — including building or extending its integrations, not just clicking through the UI.
- Comfortable using AI tools to accelerate delivery and scale impact.
- Comfortable writing code (Python, Go, or similar) and working with cloud APIs (AWS), Terraform/IaC, and CI/CD pipelines.
- Solid understanding of cloud security, identity, and access management, and how engineering teams ship software.
- Experience supporting external audits as a technical lead and remediating findings.
- Working knowledge of risk management frameworks and vendor security assessment.
- Strong written communication — you can turn a control requirement into a clear ticket, runbook, or policy that gets adopted.
- Bonus: relevant certifications (CISA, CISSP, ISO 27001 LI/LA, AWS/GCP security), experience with privacy engineering, or prior work building a GRC function from early stage to audit-ready.
Benefits
Comp & perks- Medical, dental, and vision insurance is 100% covered
- 401k plan with company matching!
- Unlimited PTO — take the time you need to come to work feeling great!
- Wellness, commuter, and childcare reimbursements
- Generous parental leave policy