Senior GRC & Privacy Engineer

Are you a skilled compliance engineer searching for a distinctive opportunity to create a significant impact? As the Senior GRC & Privacy Engineer, you’ll play a crucial role in ensuring our organization adheres to industry standards and regulatory requirements. You’ll be responsible for developing, implementing, and managing governance, risk, and compliance frameworks. Your efforts will help us maintain a proactive stance on compliance, enhance our risk management strategies, and ensure that we continue to thrive in a complex regulatory environment.

Expel is seeking a dynamic GRC expert that understands the importance of compliance frameworks with the ability to seamlessly link the nuts and bolts of technical compliance with the formal language of regulatory requirements. This approach allows us to transform Expel for the better by embracing proactive rather than reactive compliance management. It positions you as a collaborative teammate, simplifying compliance complexities into easily understood concepts.

We need you to join our mission to steer Expel through diverse requirements, audits, and frameworks, crafting a path that is logical, efficient, and ensures our success. If you are passionate about governance, risk, and compliance and want to be part of a forward-thinking cybersecurity company, come join our GRC team!

What Expel can do for you

• Maintain the operational effectiveness of the GRC program which is inclusive of policy management, training and competence management, contract compliance management, third party risk management, and privacy operations management
• Cultivate customer trust by demonstrating a dedication to data privacy and security by maintaining our Privacy Security & Compliance Hubs (Third Party Risk, Privacy Ops, Trust Center Platform) 
• Work within the agile framework to consistently plan and complete multi-quarter projects to deliver against team objectives and key results
• Support and maintain the Risk Management Program by identifying and assessing risks, implementing mitigation strategies and reporting to Security leadership on the current state of risk at Expel
• Provide support for our vendor third-party risk objectives which includes sending out vendor security assessments and supporting the completion of privacy impact assessments
• Collaborate with teams across the business to enable audit readiness for annual audits and other assessments that may occur throughout the year

What you can do for Expel

• Ability to work autonomously in a fast paced, multi-functional environment 
• Be a GRC champion with a focus on documenting detailed procedures, mentoring teammates and sharing knowledge to empower others-to self-solve
• Strong verbal and written communication skills that enable you to translate ‘GRC & compliance’ jargon internally, while also supporting our go-to-market teams with current customers and prospects
• Eagerness to work within a small but mighty team to move compliance initiatives forward

What you should bring with you

• Solid grasp of compliance and security frameworks that would include SCF, SOC 2, ISO 27001, ISO 27701, NIST 800-171, FedRAMP
• A clear understanding of security-by-design and privacy-by-design principles in agile cloud -  SaaS Systems Development Lifecycle (SDLC) processes.
• Knowledge of privacy regulations is a plus - Knowledge of the EU GDPR, CCPA and to understand what requirements Expel should perform to maintain compliance
• Broad understanding of multiple security domains including enterprise security, cloud security, identity management and privacy/data protection
• Proven experience in a GRC role centered on FedRAMP compliance.
• Solid grasp of SCF, FedRAMP, NIST, ISO, SOC 2, and other relevant regulatory requirements and industry standards and compliance frameworks
• 6+ years of hands-on experience driving IT/Security related audits, deploying and maintaining GRC tooling and working within the Secure Controls Framework to drive compliance across organizations
• Experience auditing controls in an AWS Cloud environment is preferred
• Having relevant certifications related to security, grc or privacy are helpful but not required

Additional Notes

Pay range: $114,200 USD to $165,700 USD + bonus eligibility and equity.

We believe in paying transparently and equitably. Your salary will ultimately be based on factors such as your experience, skills, team equity, and market data. You’ll also be eligible for unlimited PTO (which we model and encourage), work location flexibility, up to 24 weeks of parental leave, and really excellent health benefits.

Our headquarters is in Herndon, Virginia, however our team is mostly remote, and we have full support for remote interaction. We realize that while there is benefit to in-person interaction, good people don’t all live in Northern Virginia.

We're only hiring those authorized to work in the United States.

We're an Equal Opportunity Employer: You will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

We’ll ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please let us know if you need accommodation of any kind.

#LI-Remote