Docker, Inc

Senior GRC Engineer

full-time

Location Type: Remote

Location: Canada

Salary

💰 $147,200 - $184,000 per year

About the role

  • Design, develop, and maintain automation workflows to streamline GRC processes such as compliance monitoring, controls, reporting and risk assessments
  • Implement and customize GRC platforms using programming languages and APIs
  • Develop scripts and tools to automate repetitive GRC tasks, such as audit evidence collection and control testing
  • Build and maintain dashboards for real-time risk and compliance monitoring using data visualization tools
  • Monitor, assess, and mitigate risks by leveraging automated systems and data-driven insights.
  • Support internal and external audits by providing automated solutions for data collection and evidence generation.
  • Cross-collaborate between multiple security disciplines, supporting security engineering initiatives
  • Establish partnerships with internal/external auditors, regulators, and business stakeholders to develop security requirements and controls.
  • Perform critical data security reviews over newly released products and features.
  • Oversee and maintain the Risk Register and Risk Management program to document, measure, and report assessments, risks, controls findings, and remediation activity
  • Develop and maintain security metrics, using automated and manual processes to produce relevant KPIs about the governance program
  • Draft and maintain corporate Information Security policies and departmental procedures and map them to relevant control standards
  • Build and maintain company awareness and education progress around compliance
  • Stay current with regulatory and industry standards (e.g., ISO 27xxx, SOC 2, GDPR, NIST) and ensure compliance requirements are met
  • Manage Docker's vendor due diligence process, ensuring compliance and security controls are met.

Requirements

  • Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance
  • Proven experience in GRC engineering with a strong focus on automation and programming
  • Proficiency in programming languages such as Python and Golang
  • Will have familiarity setting up APIs and Webhooks, at least one scripting language, and at least one public cloud architecture and control tool
  • Hands-on experience with cloud environments (e.g., AWS, Azure, Google Cloud) and their compliance automation tools
  • Experience with DevSecOps practices and integrating security compliance into CI/CD pipelines
  • In-depth knowledge of security framework controls as they apply to public cloud (AWS, GCP), and SaaS environments
  • Have knowledge of information security risk management and information security technologies (e.g., SIEM, vulnerability management, data loss prevention and/or endpoint protection)
  • Strong project management skills with the ability to lead and execute security assessment projects, vendor evaluations and initiatives on time with multiple stakeholders
  • Solid understanding of regulatory and compliance standards (e.g., GDPR, ISO 27xxx, SOC 2)
  • Ability to communicate complex technical and compliance information effectively to both technical and non-technical audiences
  • Serve as the subject matter expert and advisor on complex security risk issues.
  • Ability to participate in our incident response team on-call rotation
  • Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges
  • Nice to Have: Relevant industry certifications such as CISSP, CISA, CRISC

Benefits

  • Freedom & flexibility; fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup; we want you comfortable while you work
  • 16 weeks of paid Parental leave
  • Technology stipend equivalent to $100 net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity; we are a growing start-up and want all employees to have a share in the success of the company
  • Docker Swag
  • Medical benefits, retirement and holidays vary by country
  • Remote-first culture, with offices in Seattle and Paris

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
automation workflows, programming languages, APIs, Python, Golang, cloud environments, DevSecOps, security framework controls, information security risk management, data visualization tools
Soft Skills
project management, communication, collaboration, adaptability, leadership, problem-solving, critical thinking, time management, stakeholder engagement, subject matter expertise
Certifications
CISSP, CISA, CRISC