Senior GRC Engineer for Atlan, USA (remote) (salary not disclosed)

What will you do?

    • We seek a highly-skilled, experienced, and self-motivated Senior GRC Engineer.

As a Senior GRC Engineer, you will play a critical role in fortifying our security infrastructure, ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO27001, and implementing cutting-edge security practices like Policy as Code and Shift Left Security.

Compliance and Standards:

    • Lead efforts to maintain and enhance compliance with industry standards, including SOC 2 Type 2, HIPAA, GDPR, ISO27001, and USDPI.
    • Stay updated with current regulatory changes and ensure our security practices align with evolving requirements.
    • Build a unified compliance framework (UCF) that captures cybersecurity, data protection, and business continuity risks.
    • Create policies and processes in collaboration with security engineers such that they comply with the UCF, covering cloud security, application security, endpoint security, and data privacy.
    • Set up a review of all policies in practice to ensure all policies are adhered to at all times. Review and validate if the approach/solution taken to address the security and privacy risks/policies is appropriate.
    • Data Privacy: Guide various teams on data protection practices. Review legal documents related to security/privacy as and when required.
    • Be the subject matter expert (SME) for security and privacy compliance and address queries/scenarios that might arise from different departments.
    • Stay up to date with security compliance frameworks and best practices to contribute towards the overall security posture of Atlan.

Policy as Code

    • Identify opportunities for implementing Policy as Code to minimize manual intervention.
    • Partner with security engineers to drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.

Shift Left Security

    • Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
    • Partner with security engineers across the Cloud Infra and IT teams to drive implementation of Shift Left Security practices, such as embedding security practices in the SDLC and cloud infrastructure.
    • Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.

GRC Tools

    • Utilise GRC tools, such as Vanta, to streamline security processes and enhance efficiency.
    • Maintain a good security score on Vanta by coordinating with different stakeholders.
    • Evaluate and implement additional tools to support the automation of security tasks and assessments.

Training / Awareness

    • Create security and privacy training and awareness content and deliver training through creative and innovative means to create maximum impact.

Vendor and Client Security Assessment

    • Carry out assessments as and when required.

ARR Improvement

  • Collaborate with stakeholders to enhance Annual Recurring Revenue (ARR) through improved security measures.
  • Implement security strategies that align with organizational goals and customer expectations.

What makes you a great match for us? 

  • Proven experience demonstrating a deep understanding of security frameworks (SOC 2, HIPAA, GDPR, ISO27001, USDPI) and Policy as Code
  • Experience identifying and driving the "Shift Left Security" culture
  • Proficiency with GRC automation tools (Vanta) and a strong understanding of ISO Security Standards
  • Excellent communication and collaboration skills – you'll be working closely with various teams across the organization
  • Adaptability to a flexible work environment with global stakeholders across different geos
  • Prior experience creating and implementing a Unified Compliance Framework (UCF) with a heavy focus on improving cyber security posture for SaaS organizations
  • High ownership and the ability to run multiple security projects simultaneously
  • Ability to go the extra mile and be flexible in driving measurable improvements to Atlan's security posture while keeping business objectives in mind

For more info: https://hubs.la/Q02v-dMs0