GRC Engineer
WFA Digital Insight
As the demand for skilled GRC professionals continues to rise, with a growth rate of 25% in the last year alone, WorkOS is at the forefront, seeking a GRC Engineer to lead their compliance function. With the increasing importance of data security and customer trust, this role is pivotal in driving the company's next tier of certifications and reinforcing trust with enterprise customers. Candidates should be well-versed in framework implementation, such as SOC 2, and have a strong engineering mindset to automate compliance processes. Before applying, it's essential to understand the evolving landscape of GRC and how it intersects with engineering practices.
Job Description
About the Role
The GRC Engineer position at WorkOS is a critical role that involves building and owning the company's Governance, Risk, and Compliance program. This is a unique opportunity for a professional who can merge technical expertise with compliance knowledge to drive WorkOS into the next tier of certifications and ensure customer trust. The successful candidate will work closely with the security leadership team to navigate the GRC program, setting the strategy, shaping the roadmap, and building the systems and culture that make compliance an integral part of how software is developed.
Day-to-day, the GRC Engineer will be responsible for owning the compliance function, including frameworks, policies, controls, and audits. This role requires a leader who can make compliance part of the software development process, not a separate track. The ideal candidate will have hands-on experience with major frameworks such as SOC 2, HIPAA, GDPR, and PCI-DSS, and be able to reason about new frameworks from first principles.
WorkOS is expanding its internal GRC function to scale compliance, risk, and customer trust programs as it grows. The company has foundational compliance in place but needs a leader who can drive initiatives for FedRAMP and other frameworks, partner directly with enterprise customers, and build on the trust established with companies that depend on WorkOS.
What You Will Do
- Own the compliance function, including frameworks, policies, controls, and audits.
- Lead the next certifications, driving initiatives for FedRAMP and other frameworks.
- Partner directly with customers to support audits and enable sales on compliance-gated deals.
- Own risk across WorkOS, running risk and third-party risk programs, identifying risks, driving remediation, and surfacing signal to leadership.
- Build GRC-as-code, writing code and tooling to automate compliance processes and leveraging AI where appropriate.
- Collaborate with security leadership to set the strategy, shape the roadmap, and build the systems and culture for compliance.
- Develop and maintain compliance documentation, ensuring it is up-to-date and accessible.
- Work with the engineering team to integrate compliance into the software development lifecycle.
- Engage with external auditors and regulatory bodies as required.
What We Are Looking For
- A builder with experience in implementing or auditing major compliance frameworks.
- Strong technical skills, with the ability to write code and automate compliance processes.
- Experience working in a fast-paced, rapidly growing environment.
- Strong understanding of cloud security, product security, and detection and response.
- Ability to partner effectively with engineering teams and understand their priorities.
- Excellent communication skills, with the ability to explain complex compliance concepts to both technical and non-technical stakeholders.
- Experience with risk management and third-party risk programs.
- Familiarity with AI and its applications in compliance and security.
Nice to Have
- Experience with FedRAMP and other government compliance frameworks.
- Knowledge of AI and machine learning applications in compliance and security.
- Familiarity with containerization and orchestration technologies.
- Experience working in a remote environment and collaborating with distributed teams.
- Certification in compliance, security, or a related field.
Benefits and Perks
- The opportunity to work with a leading company in the tech industry.
- Remote work arrangement, with the flexibility to work from anywhere in the United States or Canada.
- Competitive compensation package.
- Equity in a company that is poised for significant growth.
- Comprehensive health insurance.
- Generous PTO policy.
- Professional development opportunities, including training and conference attendance.
- Access to the latest technologies and tools.
- Collaborative and dynamic work environment.
How to Stand Out
- Tip: Ensure you have hands-on experience with major compliance frameworks such as SOC 2, HIPAA, and GDPR, as this is a key requirement for the role.
- Familiarize yourself with cloud security, product security, and detection and response principles to stand out as a candidate.
- Develop a strong understanding of how to build GRC-as-code and automate compliance processes using coding skills and AI.
- Showcase your ability to collaborate with engineering teams and understand their priorities to effectively integrate compliance into the software development lifecycle.
- Prepare examples of how you've driven compliance initiatives and partnered with customers to support audits and enable sales on compliance-gated deals.
- Highlight any experience you have with risk management and third-party risk programs to demonstrate your ability to own risk across the company.
- Be ready to discuss how you stay up-to-date with the latest advancements in compliance, security, and AI, and how you apply this knowledge in your work.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.