CrawlJobs Logo

Senior Security Engineer, GRC Automation

United States; Canada 156000.00 - 210000.00 USD; CAD / Year · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

1Password is looking for a Senior Security Engineer – GRC to design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations. You’ll partner directly with the Senior Manager of GRC to build automation that scales our security and privacy commitments — from audit readiness and policy enforcement to customer trust workflows. A key focus for this role will be operationalizing our newly selected GRC platform, integrating it with our internal systems, and ensuring it supports automated, scalable assurance processes across the organization. This is a hands-on technical role for someone who’s passionate about making GRC repeatable, visible, and built into how the company works. It sits at the intersection of security engineering, compliance, and platform operations — ideal for someone with a solutions engineering or DevSecOps background who thrives in high-context, high-impact environments.

Job Responsibility

  • Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
  • Build out automated workflows for control testing, evidence collection, and audit readiness
  • Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
  • Design dashboards and reporting to track control health, trust signals, and audit performance
  • Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
  • Shape the roadmap for automated, resilient internal assurance infrastructure that grows alongside the business

Requirements

  • 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
  • Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
  • Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
  • Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
  • Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations

Nice to have

  • Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
  • Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase
  • Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
  • Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content

What we offer

  • Health and wellbeing: Maternity and parental leave top-up programs
  • Competitive health benefits
  • Generous PTO policy
  • Growth and future: RSU program for most employees
  • Retirement matching program
  • Free 1Password account
  • Community: Paid volunteer days
  • Peer-to-peer recognition through Bonusly
  • Remote-first work environment

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Security Engineer, GRC Automation

8 matching positions

Senior Security Engineer- Zalando Payments

The Information Security team at Zalando Payments acts as the second line of def...
Location
Location
Germany , Berlin
Salary
Salary:
Not provided
zalando.de Logo
Zalando
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of working experience in Information Security, Risk, or GRC, ideally in regulated environments such as fintech or payments
  • You understand frameworks and regulations such as DORA, PCI DSS, ISO 27001, or GDPR
  • You have experience designing or assessing security controls, including defining evidence and evaluating effectiveness
  • You bring a GRC engineering mindset, with an interest in automation, scalable evidence collection, and continuous monitoring
  • You are able to challenge constructively as a second line of defense, while collaborating effectively with engineering and security teams
  • You communicate clearly with both technical and non technical stakeholders, including senior management
Job Responsibility
Job Responsibility
  • Own and evolve the Information Security Management System at Zalando Payments, ensuring alignment with DORA, PCI DSS, ISO 27001, and internal policies
  • Drive the ZPS Security Controls Framework, including control definition, evidence requirements, and maturity targets
  • Independently verify security controls, assessing design and effectiveness, and ensuring traceability between risks, controls, and evidence
  • Apply a GRC engineering mindset by enabling automated evidence collection and continuous control monitoring
  • Collaborate with first line Engineering and Operational Security teams to ensure scalable and effective control implementation
  • Support internal and external audits and ensure regulatory readiness through structured, evidence driven practices
What we offer
What we offer
  • 27 days of holiday a year to start for full-time employees (+1 day for every calendar year up to 30 days)
  • 2 paid volunteering days a year
  • Hybrid working model with up to 60% remote per week, actual practice is up to each team to best support their collaboration
  • Work from abroad for up to 30 working days a year
  • Employee shares program
  • 40% off fashion and beauty products sold and shipped by Zalando, 30% off Lounge by Zalando, discounts from external partners
  • Relocation assistance available (subject to prior agreement)
  • Family services, including counseling and support
  • Health and wellbeing options (including Wellhub, formerly Gympass)
  • Mental health support and coaching available
  • Fulltime
Read More
Arrow Right

Senior Security Engineer, Privacy

As a Senior Security Engineer, Privacy, you will serve as a trusted advisor at t...
Location
Location
Canada; England; France; Germany; Italy; Portugal; Spain; United States
Salary
Salary:
88000.00 - 110000.00 EUR / Year
docker.com Logo
Docker
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles
  • Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes
  • Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles
  • Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls
  • Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows
  • Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling
  • Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services
  • Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices
  • Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments
  • Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection)
Job Responsibility
Job Responsibility
  • Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations
  • Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines
  • Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness
  • Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations
  • Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance
  • Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking
  • Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls
  • Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness
  • Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls
  • Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks
What we offer
What we offer
  • Freedom & flexibility
  • fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup
  • we want you comfortable while you work
  • 16 weeks of paid Parental leave
  • Technology stipend equivalent to $100 net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

We’re looking for a Senior Security Engineer to lead and scale our security moni...
Location
Location
Spain
Salary
Salary:
Not provided
maisa.ai Logo
Maisa
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years in security engineering, detection & response, or SOC/IR roles, with strong hands-on technical depth
  • Proven experience building and operating SIEM (Splunk, Elastic, or other equivalent SIEM platforms) detections, alerting, and dashboards in production environments
  • Strong incident response skills: investigation, evidence collection and custody-chain enforcement, containment strategies, and communications
  • Solid knowledge of AWS security (CloudTrail, GuardDuty concepts, IAM, VPC flow logs, CloudWatch, etc.) and common cloud attack techniques
  • Practical experience securing Kubernetes environments (cluster telemetry, runtime signals, RBAC, admission controls, workload identity)
  • Ability to write and maintain detections/playbooks as code (Python, Go, or similar), and comfort with automation and APIs
  • Strong understanding of attacker behavior, log sources, and detection tradeoffs (precision vs. recall)
Job Responsibility
Job Responsibility
  • Own detection engineering end-to-end: build, tune, and maintain threat detections across cloud, Kubernetes, workloads, and identity, focusing on high-fidelity signals and actionable alerts
  • Operate and evolve SIEM & SOAR: develop ingestion pipelines, parsing/normalization, enrichment, correlation, dashboards, and automated playbooks (triage, containment, evidence collection)
  • Threat detection & alerting strategy: define alert standards (severity, SLAs, routing), reduce noise, and establish measurable detection coverage mapped to frameworks (e.g., MITRE ATT&CK)
  • Incident response leadership: act as an incident responder and escalation point. Coordinate investigations, containment, eradication, recovery, and build incident reports
  • improve processes based on learnings
  • Detection content lifecycle: write, test, deploy, and continuously tune detection rules
  • maintain version control, peer review, and CI/CD for detections/playbooks
  • Threat hunting & proactive analysis: conduct hypothesis-driven hunts, identify gaps, and translate findings into new detections and automated response
  • Cross-functional collaboration: partner with GRC, SRE, and Engineering teams to harden services, improve observability, and roll out secure-by-default controls
  • Documentation and enablement: create runbooks, playbooks, and training so on-call responders and stakeholders can act quickly and consistently
  • Fulltime
Read More
Arrow Right

Senior Information Security Engineer

SmartRecruiters is looking for a Senior Information Security Engineer to join th...
Location
Location
Poland
Salary
Salary:
Not provided
smartrecruiters.com Logo
SmartRecruiters
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation
  • Demonstrated compliance or auditing experience with at least one major framework
  • Solid understanding of controls auditing principles and evidence management
  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments
  • Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision
  • The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level
  • A strong understanding of technology, cloud-based products, and SaaS environments
  • Experience working across business units and geographical boundaries to engage engineering, business, and operational teams
  • Experience with ISO 27001
  • Excellent written and verbal communication skills in English
Job Responsibility
Job Responsibility
  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting
  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness
  • Develop reusable templates, playbooks, and standardised blueprints for recurring GRC activities (e.g., vendor assessments, internal audits, risk reviews) to ensure consistency and scalability
  • Collaborate with engineering and IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines where applicable
  • Continuously evaluate and improve GRC tooling, data flows, and reporting to drive operational efficiency across the team
  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations
  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, and reports
  • Support the maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support
  • Effectively manage ISO 27001 and ISO 22301 audit lifecycles and coordinate with stakeholders on ISMS and BCMS improvements
  • Support the maintenance and continuous improvement of the ISO 42001 (AI Management System) framework in alignment with the EU AI Act
Read More
Arrow Right

Senior GRC specialist

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innova...
Location
Location
Israel , Netanya/Tel Aviv
Salary
Salary:
Not provided
jfrog.com Logo
JFrog
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of direct experience in Information Security GRC, Risk Management, or Audit, preferably acquired within a high-growth SaaS or cloud-native environment
  • A proactive, self-starting mentality with strong analytical, project management, and problem-solving skills, with proven ability to validate your own work and drive tasks to completion independently
  • Demonstrable expertise in managing core compliance programs (SOC 2, ISO 27001)
  • Experience pursuing net-new compliance certifications and initiatives (e.g., R, C5, TISAX, IRAP)
  • Experience developing, drafting, and implementing security policies and standards from the ground up in a tech-focused environment, harmonizing controls across frameworks to create agile standards
  • Experience leading complex security audits, serving as a primary liaison and "in-the-room" lead during internal and external audits
  • Strong understanding of information security principles, risk management, and control frameworks in a cloud-first environment (AWS, GCP, Azure)
  • Exceptional communication and interpersonal skills, with a proven ability to build relationships and influence change across engineering, product, and business teams, and the ability to write concise, "Executive Ready" policies and risk reports
  • Hands-on experience with GRC platforms and a drive to automate manual GRC workflows
  • Bachelor’s degree in Cybersecurity, Information Technology, Law, or a related field, or equivalent practical experience
Job Responsibility
Job Responsibility
  • Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets
  • Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2)
  • Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings
  • Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment
  • Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with JFrog’s risk appetite
  • Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated
  • Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members
Read More
Arrow Right

Grc Specialist Senior

The GRC Specialist Senior is responsible for conducting security assessments, co...
Location
Location
United States , Coral Gables
Salary
Salary:
Not provided
citynational.com Logo
City National Bank of WV
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-7 years of of applied work experience in cyber security compliance management, cyber security programs, data engineering, analytics or integration, audits, assessments, risk and remediation
  • Knowledge of AI concepts (LLMs, prompt design, limitations, hallucinations, etc.)
  • Knowledge of information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, and NIST
  • Knowledge of IT systems and processes, network infrastructure, data architecture, and protocols
  • Skill in applying cyber and cloud security frameworks, architecture, design, operations, controls, and service orchestration
  • Proficiency in Microsoft Office products (Word, Excel, PowerPoint)
  • Ability to develop and implement enterprise governance, risk, and compliance strategies and solutions
  • Ability to research and locate information related to internal and external organizations using online and other sources
  • Skill in security project management and planning
  • Ability to maintain confidentiality and handle sensitive information appropriately
Job Responsibility
Job Responsibility
  • Coordinate risk and control self-assessments with IT and cybersecurity subject matter experts and enterprise risk management team
  • Conduct control testing and document results to identify potential gaps in control design and/or control operating effectiveness
  • Collaborate with GRC, engineering, SecOps, IT operations, and BCP teams to define requirements and ensure scalable, secure, and maintainable AI-driven automation solutions
  • Identify opportunities to develop automated solutions using Microsoft Copilot, Power Automate, or another approved automation tool
  • Develop and maintain cybersecurity and IT policies, standards, procedures, program metrics and help develop automated compliance reports and risk metrics for executive leadership, to improve decision-making and reduce operational risk
  • Coordinate work assignments with process owners, control owners, external auditors, and consultants, ensuring issues are documented, monitored, and resolved
  • Advise internal stakeholders on internal control design for ongoing risk mitigation of information systems based on regulatory requirements and best practices
  • Communicate security issues and risks effectively to diverse audiences and ensure compliance with applicable controls based on a unified framework
  • Identify and correct process gaps proactively, recommending improvements to advance the Bank’s information security program maturity in alignment with company goals
  • Guide program leaders on risk remediation efforts, ensuring adequacy of response and timeliness based on risk severity
What we offer
What we offer
  • Medical, dental, and vision plans with employer contributions
  • 401(k) with matching
  • Generous PTO and paid holidays
  • Access to mental health and financial wellness resources
  • Tuition Reimbursement
  • Flex Time
  • Fulltime
Read More
Arrow Right

Senior Manager, Security Engineering

The Security Engineering team at Fullstory ensures that engineering teams across...
Location
Location
United States
Salary
Salary:
Not provided
fullstory.com Logo
Fullstory
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Has full-time people leadership experience in a similar type of team
  • Has experience owning, planning, and executing business-level security initiatives
  • Experience building sustainable security programs with an emphasis on customer service, partnership, and enablement of software engineering and business stakeholders
  • Experience participating in security architecture, risk management, vendor diligence, threat analysis, and other dimensions of technical expertise to support team initiatives
  • Experience directly managing security vendor relationships, project scoping, deployment, etc.
  • Ability to leverage AI tools to enhance work quality and accelerate timelines by implementing AI solutions that optimize efficiency
Job Responsibility
Job Responsibility
  • Lead a team of application and cloud security engineers, including strategy and mentorship
  • Enable our partners, such as Security GRC and Legal, in supporting business outcomes
  • Create paved roads, with a focus on automation, to speed up secure-engineering practices
  • Own and maximize investments in third-party security services, consultants, and technologies
  • Run incident response investigations in collaboration with Legal and external security firms
  • Advise peer leaders on cross-business initiatives and product strategy on security and risk
What we offer
What we offer
  • Flexible PTO policy
  • Annual company-wide closure
  • Federal holidays
  • Sponsored benefit packages for US-based Fullstorians
  • Supplemental coverage options for international Fullstorians
  • Professional development opportunities through training programs
  • Annual learning subsidy for US and EMEA-based employees
  • Monthly productivity stipend for US and EMEA-based Fullstorians
  • Team off-sites
  • Annual full-company meet-up
  • Fulltime
Read More
Arrow Right

Senior Staff Software Engineer

GEICO is seeking an experienced Senior Staff Software Engineer to lead the archi...
Location
Location
United States , Palo Alto
Salary
Salary:
130000.00 - 260000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 15+ years of professional experience in software development
  • 10+ years of professional experience working with large enterprise or business applications, preferably Finance or Risk related
  • 5+ years of experience with Risk and Compliance systems (e.g. GRC
  • Regulatory Management
  • Model management
  • etc.) via established vendors (e.g. Auditboard
  • Archer
  • IBM
  • ServiceNow
  • etc.)
Job Responsibility
Job Responsibility
  • Lead the architecture, solution design, and implementation of vendor products or bespoke systems to support the Risk, Compliance, and Audit functions as well as work towards providing insightful analytics to proactively identify trends and issues
  • Leverage their awareness of Risk & Compliance technologies (e.g. Auditboard
  • Archer
  • OpenPages
  • ServiceNow
  • etc.) to support the implementation of vendor applications to support business requirements
  • Leverage finance system knowledge to ensure seamless integration of financial data from ERP systems, sub-ledgers and other enterprise sources to support the Risk and Compliance system requirements
  • Mentor other engineers and consistently share best practices and improve processes within and across teams
  • Understanding of DevOps concepts including Azure DevOps framework and tools to build out appropriate applications
  • Oversee system-wide technical initiatives, migrations, performance tuning, and process automation
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right