Senior GRC Engineer

Senior GRC Engineer

We are hiring a Senior GRC Engineer to build and scale an engineering-driven, automation-first, and AI-enabled approach to Governance, Risk, and Compliance (GRC).

This role goes far beyond traditional GRC. You will design and implement intelligent, automated systems that integrate directly into our engineering and cloud environments—transforming compliance from a manual, point-in-time exercise into a continuous, real-time capability.

You will leverage automation, data pipelines, and emerging AI/LLM capabilities to reduce manual effort, improve signal quality, and enable proactive risk management.

This is a high-impact role at the intersection of security engineering, compliance, and data—helping evolve GRC into a measurable, scalable, and product-aligned function.

The Skillset

Build GRC Engineering Capabilities

• Design and implement policy-as-code and compliance-as-code frameworks
• Automate control testing and evidence collection using cloud and CI/CD telemetry
• Integrate GRC processes with engineering tools and workflows
• Develop reusable tooling and internal platforms for scalable, self-service compliance
• Build and deploy production-grade automation leveraging LLMs and AI tooling (e.g., for control mapping, evidence analysis, and anomaly detection)
• Own the design, development, and maintenance of core GRC automation systems and services

Drive Risk Visibility and Measurement

• Develop KPIs and KRIs using engineering and cloud data
• Support risk quantification efforts using frameworks such as FAIR
• Maintain and improve the security risk register
• Apply data modeling and AI techniques to identify emerging risks and reduce false positives
• Build automated risk scoring and prioritization models using real-time engineering and security data

Support Audits and Certifications

• Lead and support audits including SOC 2, ISO 27001, ISO 27701, FedRAMP and CJIS
• Build automated audit readiness and continuous compliance processes
• Serve as a key point of contact for internal and external auditors

Partner Across the Business

• Work with Product and Engineering teams on security and privacy requirements
• Support customer security reviews, RFIs, and trust center initiatives
• Collaborate with Legal and Privacy teams on regulatory alignment

Third-Party Risk Management

• Automate vendor assessments using AI-assisted questionnaire analysis and response validation
• Build workflows to ingest, analyze, and score third-party risk data at scale

What You Bring

Experience

• 5+ years in GRC, security engineering, or related roles
• Experience working in cloud-native environments, AWS is a must
• Experience supporting audits such as SOC 2, ISO 27001, or similar
• Relevant certifications such as CISA, CRISC, FAIR, AWS Security Specialty, ISO 27001/42001 Lead Auditor certifications a plus

Technical Skills

• Experience integrating security and compliance into CI/CD pipelines
• Ability to work with APIs, automation tools, or scripting languages
• Experience implementing policy-as-code, compliance-as-code, or security-as-code frameworks
• Familiarity with tools such as Terraform, CloudFormation, or similar IaC frameworks

AI & Automation Mindset

• Thinks in terms of systems and scale, not manual tasks—automating repetitive work wherever possible
• Curious about and experienced with applying AI to operational problems, especially in security or compliance
• Comfortable experimenting with emerging technologies and rapidly evolving tooling
• Focused on signal over noise, reducing manual overhead while increasing accuracy

GRC Expertise

• Strong understanding of frameworks such as SOC2 Type II, NIST 800-53, ISO 27001, and CJIS
• Experience with third-party risk management and vendor assessments
• Ability to translate regulatory requirements into technical controls

Mindset

• Automation-first thinking
• Strong problem-solving skills and ownership mentality
• Ability to balance security, compliance, and business needs
• Ability to collaborate effectively with engineering, security, and business stakeholders

What Success Looks Like

• GRC processes are automated and integrated into engineering workflows
• Audit readiness becomes continuous rather than periodic
• Risk is measured using real-time data and clear metrics, tied to revenue
• Engineering teams experience GRC as an enabler, not a blocker
• Customer trust and security assurance scale with company growth
• Manual GRC processes are replaced with intelligent, automated workflows
• AI-assisted systems reduce audit preparation time and improve evidence quality
• GRC insights directly influence engineering prioritization and business decision-making

Feeling uneasy that you haven't ticked every box? That's okay; we've felt that way too. Studies have shown women and minorities are less likely to apply unless they meet all qualifications. We encourage you to break the status quo and apply to roles that would make you excited to come to work every day.

90 Days at Flock

We prescribe to 90 day plans and believe that good days lead to good weeks, which lead to good months. This serves as a preview of the 90 day plan you will receive if you were to be hired in this role at Flock.

The First 30 Days

• Ramp on systems, architecture, and existing GRC processes
• Build relationships with Engineering, Security, and Legal
• Identify initial automation opportunities

The First 60 Days

• Begin implementing automation for control testing and evidence collection
• Contribute to audit readiness and ongoing compliance efforts
• Define KPIs/KRIs for risk visibility

90 Days & Beyond

• Deliver measurable improvements in GRC automation and efficiency
• Launch initial AI-assisted workflows
• Influence roadmap for long-term GRC engineering strategy using a crawl, walk, run approach

Salary & Equity

In this role, you'll receive a starting salary between $130,000 and $150,000 as well as Flock Stock Options. Base salary is determined by job-related experience, education/training, as well as market indicators. Your recruiter will discuss this in-depth with you during our first chat.

Location

We're building the impossible, together. To drive innovation through in-person collaboration, we're prioritizing candidates in our key hubs: Atlanta, Austin, Boston, Chicago, Denver, Los Angeles, New York City, and San Francisco. While we value the energy of our hub communities, we embrace remote work and welcome applications from exceptional talent across the United States.

The Perks

Flexible PTO : We offer non-accrual PTO, plus 11 company holidays.

Fully-paid health benefits plan for employees : including Medical, Dental, and Vision and an HSA match.

Family Leave : All employees receive 12