Senior GRC Engineer

What will you do?

• We seek a highly skilled, experienced, and self-motivated Senior GRC Engineer.


As a Senior GRC Engineer you will play a critical role in fortifying our security infrastructure, ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO27001, and implementing cutting-edge security practices like Policy as Code and Shift Left Security.


Compliance and Standards:
• Lead efforts to maintain and enhance compliance with industry standards, including SOC2 Type2, HIPAA, GDPR, ISO27001, and USDPI.
• Stay updated with current regulatory changes and ensure our security practices align with evolving requirements.
• Build a unified compliance framework (UCF) that captures cybersecurity, data protection, and business continuity risks.
• Create policies and processes in collaboration with security engineers such that they comply with the UCF, covering cloud security, application security, endpoint security, and data privacy.
• Set up a review of all policies in practice to ensure all policies are adhered to at all times. Review and validate if the approach/solution taken to address the security and privacy risks/policies is appropriate.
• Data Privacy: To be able to guide various teams on data protection practices. Review legal documents related to security/privacy as and when required.
• Be the subject matter expert (SME) for security and privacy compliance and address queries/scenarios that might arise from different departments.
• Stay up to date with security compliance frameworks and best practices to contribute towards the overall security posture of Atlan.
Policy as a Code
• Identify the opportunities for implementing Policy as a Code, to minimise manual intervention.
• Partner with security engineers to drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.
Shift Left Security
• Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
• Partner with security engineers across Cloud Infra and IT team in driving implementation of shift left security practices, such as :Embedding security practices in SDLC & Cloud infrastructure.
• Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.
GRC Tools
• Utilise GRC tools such as Vanta, to streamline security processes and enhance efficiency.
• Maintain a good security score on VANTA by coordinating with different stakeholders.
• Evaluate and implement additional tools to support the automation of security tasks and assessments.
Training / Awareness
• Create security and privacy training and awareness content and deliver training through creative and innovative means to create maximum impact.
Vendor and Client Security Assessment - Carry out assessments as and when required.
ARR Improvement
• Collaborate with stakeholders to enhance Annual Recurring Revenue (ARR) through improved security measures.
• Implement security strategies that align with organizational goals and customer expectations.

What makes you a great match for us? 😍

• Proven experience demonstrating a deep understanding of security frameworks (SOC 2, HIPAA, GDPR, ISO27001, USDPI) and Policy as Code
• Experience identifying and driving the "Shift Left Security" culture
• Proficiency with GRC automation tools (Vanta) and a strong understanding of ISO Security Standards
• Excellent communication and collaboration skills – you'll be working closely with various teams across the organization
• Adaptability to a flexible work environment with global stakeholders across different geos
• Prior experience creating and implementing a Unified Compliance Framework (UCF) with a heavy focus on improving cyber security posture for SaaS organizations
• High Ownership and ability to run multiple security projects simultaneously
• Ability to go the extra mile being flexible to drive measurable improvements to Atlan's security posture keeping business objectives in mind.