Senior Security Engineer, GRC

Summary

Join our team as a Senior Security Engineer, GRC, where you'll be the primary owner of our customer-facing compliance program and a trusted partner throughout the enterprise sales cycle. In this role, you will manage the end-to-end lifecycle of security questionnaires, due diligence requests, and compliance reviews and automate parts of that process. You will ensure prospective and existing customers have full confidence in our security posture and you will work closely with Sales, Legal, and Product to represent our compliance program externally, while maintaining the internal rigor of our governance and risk frameworks.

What You'll Do

• Own the intake, prioritization, and completion of all inbound customer security questionnaires, RFPs, and due diligence requests including SIG, CAIQ, and custom enterprise questionnaires with a commitment to accuracy, thoroughness, and turnaround time.
• Serve as the primary customer-facing representative for security and compliance, leading calls and meetings with enterprise customers, prospects, and their security or procurement teams.
• Build and maintain a comprehensive, evergreen response library for common security and compliance questions, reducing duplication of effort and ensuring consistency across all customer engagements.
• Build and maintain automations to continuously validate the organization's compliance posture across key frameworks including SOC2 Type II, ISO 27001, and HIPAA, coordinating evidence collection, managing external auditor relationships, and driving readiness for annual assessments.
• Build dashboards and reporting pipelines that provide leadership with real-time visibility into compliance posture, open risks, and program health.
• Design and automate the third-party risk assessment process, including vendor tiering logic, questionnaire workflows, and continuous monitoring for critical vendors.
• Perform ongoing risk assessments and maintain a risk register that reflects the current threat and compliance landscape, escalating material findings to leadership with clear remediation recommendations.
• Conduct third-party vendor risk assessments, including use case-specific risk analysis, ongoing tiering and monitoring, and implementation recommendations.
• Author, maintain, and operationalize security policies and procedures; track employee acknowledgments and manage exceptions through to resolution.
• Coordinate and participate in customer security review meetings, including onsite or virtual sessions with enterprise security, legal, and procurement stakeholders.
• Collaborate cross-functionally with Engineering, Legal, and Product to gather documentation, validate control descriptions, and resolve compliance gaps surfaced through customer inquiries.

What You'll Bring

• 8+ years of experience