Clutch

Senior Information Security Engineer, GRC

contract

Location Type: Remote

Location: Remote • 🇺🇸 United States

Job Level

Senior

Tech Stack

AWS, Cloud, SDLC

About the role

  • Own and mature our trust foundation.
  • Operationalize security controls and drive evidence collection and continuous monitoring.
  • Partner with product, engineering, and business teams to reduce risk while enabling speed.
  • Lead SOC 2 Type II audit cycle end-to-end, including auditor coordination, population requests, and walkthroughs.
  • Roll out a vendor risk management workflow integrated with procurement and Legal.
  • Define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud.
  • Drive PCI DSS certification readiness, including SoA ownership and internal audits.
  • Establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers.
  • Mature incident response playbooks and conduct at least one cross-functional tabletop with measurable improvements.

Requirements

  • 5+ years in GRC, security engineering, or risk management within SaaS or fintech environments.
  • Proven experience running SOC 2 Type II and working toward ISO 27001, including evidence automation and auditor interactions.
  • Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD.
  • Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third‑party risk.
  • Ability to translate requirements into actionable, ticketed work with clear owners and due dates.
  • Excellent written communication for policies, customer questionnaires, and exec‑level reporting.
  • Nice to have: experience with privacy programs, PCI readiness, or financial services regulations; relevant certs (e.g., CISA, CISSP, ISO 27001 LI/LA) are a plus.

Benefits

  • Remote Flexibility: Enjoy the freedom of remote work from anywhere, balancing life and career seamlessly.
  • Unforgettable Off-Sites: Twice a year, bond with colleagues in exciting destinations, fostering teamwork and fresh ideas.
  • Paid Time Off and National Holidays: Enjoy 20 PTO days yearly and the National Holidays for relaxation and rejuvenation.
  • Stock Options: Joining us means having a stake in our success, so you'll receive stock options as part of your compensation package.
  • Home Office Setup: Create your ideal workspace with a dedicated budget for home office essentials.
  • Work Trip Budget: Grow personally and professionally with a budget for work-related trips and co-working.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
GRC, security engineering, risk management, SOC 2 Type II, ISO 27001, cloud security controls, secure SDLC, vulnerability management, identity and access management, evidence automation

Soft skills
communication, collaboration, leadership, organizational, problem-solving, analytical thinking, attention to detail, cross-functional teamwork, actionable requirements translation, measurable improvements

Certifications
CISA, CISSP, ISO 27001 LI, ISO 27001 LA, PCI DSS certification