Senior Security Engineer, GRC Automation

United States; Canada 156000.00 - 210000.00 USD; CAD / Year · Job Posted February 21, 2026

Job Description

1Password is looking for a Senior Security Engineer – GRC to design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations. You’ll partner directly with the Senior Manager of GRC to build automation that scales our security and privacy commitments — from audit readiness and policy enforcement to customer trust workflows. A key focus for this role will be operationalizing our newly selected GRC platform, integrating it with our internal systems, and ensuring it supports automated, scalable assurance processes across the organization. This is a hands-on technical role for someone who’s passionate about making GRC repeatable, visible, and built into how the company works. It sits at the intersection of security engineering, compliance, and platform operations — ideal for someone with a solutions engineering or DevSecOps background who thrives in high-context, high-impact environments.

Job Responsibility

  • Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
  • Build out automated workflows for control testing, evidence collection, and audit readiness
  • Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
  • Design dashboards and reporting to track control health, trust signals, and audit performance
  • Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
  • Shape the roadmap for automated, resilient internal assurance infrastructure that grows alongside the business

Requirements

  • 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
  • Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
  • Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
  • Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
  • Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations

Nice to have

  • Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
  • Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase
  • Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
  • Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content

What we offer

  • Health and wellbeing: Maternity and parental leave top-up programs
  • Competitive health benefits
  • Generous PTO policy
  • Growth and future: RSU program for most employees
  • Retirement matching program
  • Free 1Password account
  • Community: Paid volunteer days
  • Peer-to-peer recognition through Bonusly
  • Remote-first work environment

Similar Jobs for Senior Security Engineer, GRC Automation

8 matching positions

Senior Security Engineer- Zalando Payments

The Information Security team at Zalando Payments acts as the second line of def...
Location
Germany, Berlin
Salary:
Not provided
Zalando
Expiration Date
Until further notice
Requirements
  • 5+ years of working experience in Information Security, Risk, or GRC, ideally in regulated environments such as fintech or payments
  • You understand frameworks and regulations such as DORA, PCI DSS, ISO 27001, or GDPR
  • You have experience designing or assessing security controls, including defining evidence and evaluating effectiveness
  • You bring a GRC engineering mindset, with an interest in automation, scalable evidence collection, and continuous monitoring
  • You are able to challenge constructively as a second line of defense, while collaborating effectively with engineering and security teams
  • You communicate clearly with both technical and non technical stakeholders, including senior management
Job Responsibility
  • Own and evolve the Information Security Management System at Zalando Payments, ensuring alignment with DORA, PCI DSS, ISO 27001, and internal policies
  • Drive the ZPS Security Controls Framework, including control definition, evidence requirements, and maturity targets
  • Independently verify security controls, assessing design and effectiveness, and ensuring traceability between risks, controls, and evidence
  • Apply a GRC engineering mindset by enabling automated evidence collection and continuous control monitoring
  • Collaborate with first line Engineering and Operational Security teams to ensure scalable and effective control implementation
  • Support internal and external audits and ensure regulatory readiness through structured, evidence driven practices
What we offer
  • 27 days of holiday a year to start for full-time employees (+1 day for every calendar year up to 30 days)
  • 2 paid volunteering days a year
  • Hybrid working model with up to 60% remote per week, actual practice is up to each team to best support their collaboration
  • Work from abroad for up to 30 working days a year
  • Employee shares program
  • 40% off fashion and beauty products sold and shipped by Zalando, 30% off Lounge by Zalando, discounts from external partners
  • Relocation assistance available (subject to prior agreement)
  • Family services, including counseling and support
  • Health and wellbeing options (including Wellhub, formerly Gympass)
  • Mental health support and coaching available
  • Fulltime

Senior Security Engineer, Privacy

As a Senior Security Engineer, Privacy, you will serve as a trusted advisor at t...
Location
Canada; England; France; Germany; Italy; Portugal; Spain; United States
Salary:
88000.00 - 110000.00 EUR / Year
Docker
Expiration Date
Until further notice
Requirements
  • 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles
  • Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes
  • Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles
  • Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls
  • Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows
  • Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling
  • Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services
  • Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices
  • Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments
  • Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection)
Job Responsibility
  • Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations
  • Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines
  • Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness
  • Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations
  • Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance
  • Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking
  • Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls
  • Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness
  • Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls
  • Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks
What we offer
  • Freedom & flexibility; fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup; we want you comfortable while you work
  • 16 weeks of paid Parental leave
  • Technology stipend equivalent to $100 net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity
  • Fulltime

Senior Manager, Security Engineering

The Security Engineering team at Fullstory ensures that engineering teams across...
Location
United States
Salary:
Not provided
Fullstory
Expiration Date
Until further notice
Requirements
  • Has full-time people leadership experience in a similar type of team
  • Has experience owning, planning, and executing business-level security initiatives
  • Experience building sustainable security programs with an emphasis on customer service, partnership, and enablement of software engineering and business stakeholders
  • Experience participating in security architecture, risk management, vendor diligence, threat analysis, and other dimensions of technical expertise to support team initiatives
  • Experience directly managing security vendor relationships, project scoping, deployment, etc.
  • Ability to leverage AI tools to enhance work quality and accelerate timelines by implementing AI solutions that optimize efficiency
Job Responsibility
  • Lead a team of application and cloud security engineers, including strategy and mentorship
  • Enable our partners, such as Security GRC and Legal, in supporting business outcomes
  • Create paved roads, with a focus on automation, to speed up secure-engineering practices
  • Own and maximize investments in third-party security services, consultants, and technologies
  • Run incident response investigations in collaboration with Legal and external security firms
  • Advise peer leaders on cross-business initiatives and product strategy on security and risk
What we offer
  • Flexible PTO policy
  • Annual company-wide closure
  • Federal holidays
  • Sponsored benefit packages for US-based Fullstorians
  • Supplemental coverage options for international Fullstorians
  • Professional development opportunities through training programs
  • Annual learning subsidy for US and EMEA-based employees
  • Monthly productivity stipend for US and EMEA-based Fullstorians
  • Team off-sites
  • Annual full-company meet-up
  • Fulltime

Senior Security Engineer

We’re looking for a Senior Security Engineer to lead and scale our security moni...
Location
Spain
Salary:
Not provided
Maisa
Expiration Date
Until further notice
Requirements
  • 6+ years in security engineering, detection & response, or SOC/IR roles, with strong hands-on technical depth
  • Proven experience building and operating SIEM (Splunk, Elastic, or other equivalent SIEM platforms) detections, alerting, and dashboards in production environments
  • Strong incident response skills: investigation, evidence collection and custody-chain enforcement, containment strategies, and communications
  • Solid knowledge of AWS security (CloudTrail, GuardDuty concepts, IAM, VPC flow logs, CloudWatch, etc.) and common cloud attack techniques
  • Practical experience securing Kubernetes environments (cluster telemetry, runtime signals, RBAC, admission controls, workload identity)
  • Ability to write and maintain detections/playbooks as code (Python, Go, or similar), and comfort with automation and APIs
  • Strong understanding of attacker behavior, log sources, and detection tradeoffs (precision vs. recall)
Job Responsibility
  • Own detection engineering end-to-end: build, tune, and maintain threat detections across cloud, Kubernetes, workloads, and identity, focusing on high-fidelity signals and actionable alerts
  • Operate and evolve SIEM & SOAR: develop ingestion pipelines, parsing/normalization, enrichment, correlation, dashboards, and automated playbooks (triage, containment, evidence collection)
  • Threat detection & alerting strategy: define alert standards (severity, SLAs, routing), reduce noise, and establish measurable detection coverage mapped to frameworks (e.g., MITRE ATT&CK)
  • Incident response leadership: act as an incident responder and escalation point. Coordinate investigations, containment, eradication, recovery, and build incident reports; improve processes based on learnings
  • Detection content lifecycle: write, test, deploy, and continuously tune detection rules; maintain version control, peer review, and CI/CD for detections/playbooks
  • Threat hunting & proactive analysis: conduct hypothesis-driven hunts, identify gaps, and translate findings into new detections and automated response
  • Cross-functional collaboration: partner with GRC, SRE, and Engineering teams to harden services, improve observability, and roll out secure-by-default controls
  • Documentation and enablement: create runbooks, playbooks, and training so on-call responders and stakeholders can act quickly and consistently
  • Fulltime

Senior Technical Program Manager

The Senior Technical Program Manager, Security & GRC will work directly with our...
Location
United States
Salary:
200000.00 - 220000.00 USD / Year
Human Interest
Expiration Date
Until further notice
Requirements
  • Bachelor's degree in CS, Engineering, or a related field
  • Started career as a Security Engineer, Systems Administrator, or Analyst
  • TPM professional for 5+ years, specifically managing high-stakes security, privacy, or infrastructure initiatives
  • Deep understanding of the Security SDLC and experience navigating cloud-native service architectures (AWS/GCP) with a focus on security guardrails
  • Experience translating regulatory frameworks (e.g., SOC2, ISO 27001, FedRAMP, or GDPR) into concrete technical requirements
  • Proven ability to 'go deep' and comfortable looking at architectural diagrams, API docs, or cloud configurations to find root causes
  • Exceptional communication skills with a knack for explaining the 'why' behind a security control to a developer and the 'how' of a technical fix to an auditor
  • Strong ability to leverage data—from vulnerability scanners to Jira velocity—to tell a story and drive cross-functional decision-making
Job Responsibility
  • Technical security orchestration: Partner with Security Engineering, Risk, Product, and Infrastructure teams to bake security and compliance 'into the kiln'
  • Help design risk solutions: Dive deep into the security stack to not only identify execution blockers but actively architect the technical solutions to implement them
  • Help architect our security mission: Define the technical milestones for high-stakes initiatives like Zero Trust and IAM overhauls, translating a broad vision into a precise execution roadmap
  • Drive high-velocity operations: Lead agile security sprints that harmonize vulnerability remediation and threat detection with feature development
  • Optimize the 'rhythm of the business' by automating manual GRC workflows, eliminating manual friction and moving us toward Compliance as Code
  • Translate telemetry into narrative: Distill complex security data and telemetry into compelling risk narratives for leadership while maintaining high-fidelity technical depth for engineers
  • Optimize the defensive roadmap: Command long-term strategic planning by aligning cloud infrastructure costs and security tooling with the company’s overarching defensive goals
  • Cultivate organizational excellence: Uphold a relentless culture of focus and accountability, identifying systemic inefficiencies and driving impact through superior tooling and process engineering
What we offer
  • A great 401(k) plan: Our own! Our 401(k) includes a dollar-for-dollar employer match up to 4% of compensation (immediately vested) and $0 plan fees
  • Top-of-the-line health plans, as well as dental and vision insurance
  • Competitive time off and parental leave
  • Addition Wealth: Unlimited access to digital tools, financial professionals, and a knowledge center to help you understand your equity and support your financial wellness
  • Lyra: Enhanced Mental Health Support for Employees and dependents
  • Carrot: Fertility healthcare and family forming benefits
  • Candidly: Student loan resource to help you and your family plan, borrow, and repay student debt
  • Monthly work-from-home stipend; quarterly lifestyle stipend
  • Engaging team-building experiences, ranging from virtual social events to team offsites, promoting collaboration and camaraderie
  • Fulltime

Senior GRC specialist

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innova...
Location
Israel, Netanya/Tel Aviv
Salary:
Not provided
JFrog
Expiration Date
Until further notice
Requirements
  • 5+ years of direct experience in Information Security GRC, Risk Management, or Audit, preferably acquired within a high-growth SaaS or cloud-native environment
  • A proactive, self-starting mentality with strong analytical, project management, and problem-solving skills, with proven ability to validate your own work and drive tasks to completion independently
  • Demonstrable expertise in managing core compliance programs (SOC 2, ISO 27001)
  • Experience pursuing net-new compliance certifications and initiatives (e.g., R, C5, TISAX, IRAP)
  • Experience developing, drafting, and implementing security policies and standards from the ground up in a tech-focused environment, harmonizing controls across frameworks to create agile standards
  • Experience leading complex security audits, serving as a primary liaison and "in-the-room" lead during internal and external audits
  • Strong understanding of information security principles, risk management, and control frameworks in a cloud-first environment (AWS, GCP, Azure)
  • Exceptional communication and interpersonal skills, with a proven ability to build relationships and influence change across engineering, product, and business teams, and the ability to write concise, "Executive Ready" policies and risk reports
  • Hands-on experience with GRC platforms and a drive to automate manual GRC workflows
  • Bachelor’s degree in Cybersecurity, Information Technology, Law, or a related field, or equivalent practical experience
Job Responsibility
  • Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets
  • Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2)
  • Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings
  • Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment
  • Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with JFrog’s risk appetite
  • Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated
  • Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members

Head of Information Security

The Head of Information Security is a senior technical leadership role. The role...
Location
Poland, Kraków
Salary:
Not provided
PerkinElmer
Expiration Date
Until further notice
Requirements
  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Engineering, or related field
  • 5+ years of experience in technical cybersecurity roles
  • Proven experience leading enterprise-scale security engineering and operations teams
Job Responsibility
  • Own the enterprise security architecture across network, endpoint, cloud, identity, and application domains
  • Define technical security standards, reference architectures, and engineering patterns
  • Lead the selection, deployment, and lifecycle management of security platforms and tooling
  • Embed security-by-design into infrastructure, cloud, and application initiatives
  • Lead Security Operations (SOC / SecOps), including detection, response, and operational resilience
  • Own vulnerability management, threat intelligence, and security telemetry
  • Drive continuous improvement in detection, automation, and response effectiveness
  • Lead the Cybersecurity Incident Response Team (CIRT)
  • Act as technical incident commander during major security incidents
  • Own investigation, containment, eradication, and recovery activities
What we offer
  • Private healthcare including dental care
  • Life and long-term disability insurance
  • MyBenefit Cafeteria system
  • Multisport Card
  • Social Fund Subsidies
  • Home Office allowance
  • Tuition reimbursement
  • Referral awards
  • Internal career development opportunities in multiple business areas
  • Day off to celebrate your birthday

Security GRC Analyst

We’re looking for a Security GRC Analyst to help support and advance Intercom’s ...
Location
Ireland, Dublin
Salary:
Not provided
Intercom
Expiration Date
Until further notice
Requirements
  • Experience building collaborative relationships with a diverse range of stakeholders, including executive leadership, management, Legal, Privacy, Engineering, and external auditors
  • Experience with cloud security practices, including tooling, strategy, and methodology; experience with AWS security is preferred
  • Knowledge of information security technologies, compliance and regulatory requirements, information governance, and privacy best practices
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, SOC 2, and HIPAA, as well as NIST frameworks including 800-53 and the NIST Cybersecurity Framework
  • Demonstrates a high level of personal integrity, with the ability to handle confidential information professionally and exercise sound judgment and maturity
  • Demonstrates the ability to scope, plan, and delegate work effectively
  • Demonstrates strong cross-functional communication skills, both written and verbal
  • Demonstrates a high degree of autonomy and ownership in their approach to work
Job Responsibility
  • Develop, enhance, and operationalise entity-level security and privacy policies, processes, and controls to mitigate risk and comply with applicable laws and regulations
  • Continuously monitor and assess Intercom’s security and privacy controls, working closely with teams such as Legal, Engineering, Sales, and Customer Support to refine and improve control design
  • Drive the implementation of security assurance strategies, including ownership of internal and external assurance resources and improvements to Intercom’s security assurance materials
  • Maintain and manage the enterprise security risk register, partnering with senior leaders to identify, assess, and reduce security risks
  • Improve operational efficiency through process improvements, technical solutions, and automation where possible
What we offer
  • Competitive salary and equity in a fast-growing start-up
  • We serve lunch every weekday, plus a variety of snack foods and a fully stocked kitchen
  • Regular compensation reviews – we reward great work!
  • Pension scheme & match up to 4%
  • Peace of mind with life assurance, as well as comprehensive health and dental insurance for you and your dependents
  • Flexible paid time off policy
  • Paid maternity leave, as well as 6 weeks paternity leave for fathers, to let you spend valuable time with your loved ones
  • If you’re cycling, we’ve got you covered on the Cycle-to-Work Scheme, with secure bike storage too
  • MacBooks are our standard, but we also offer Windows for certain roles when needed
  • Fulltime