Senior GRC Engineer

Aircall is a unicorn, AI-powered customer communications platform used by 22,000+ companies worldwide to drive revenue, resolve issues faster, and scale customer-facing teams. We're redefining customer communications by bringing voice, SMS, WhatsApp, and AI together into one seamless workspace.

Our momentum comes from a simple idea: help teams work smarter, not harder. Aircall's AI Voice Agent automates routine calls, AI Assist streamlines post-call work, and AI Assist Pro delivers real-time guidance so people can do their best work. The result is higher revenue, faster resolutions, and teams that scale with confidence.

Aircall is headquartered in Paris, our European HQ, with a strong North American presence anchored in Seattle, our North American HQ, and teams across Madrid, London, Berlin, San Francisco, New York City, Sydney, and Mexico City. We've built a product customers love and a business that's scaling quickly, backed by world-class investors and driven by rapid AI innovation across multiple product lines.

At Aircall, you'll join a company in motion. We're ambitious, product-driven, and execution-focused, with visible impact, fast decisions, and real growth.

How we work at Aircall: We're customer-obsessed, data-driven, and focused on delivering meaningful outcomes. We value ownership, continuous learning, and thoughtful speed. If you thrive in a collaborative, fast-moving environment where trust and impact matter, you'll feel at home here.

Aircall is hiring a Senior GRC Engineer to build and operate the engineering backbone of our Governance, Risk & Compliance program. You'll join the Security Engineering team, reporting to the Security Engineering Manager, and partner closely with IT, Privacy, Legal, Product, and Engineering to make compliance a continuously-verified property of how we build and run Aircall - not a once-a-year audit scramble.

This is a hands-on engineering role. You'll automate controls, integrate our GRC platform with the systems that produce evidence, and turn policies into code where possible. You'll be the technical owner of SOC 2 and ISO 27001 readiness from an engineering perspective, and a key contributor to how we mature risk management, vendor security, and audit operations as Aircall scales.

This role will sit within the CTO organization, alongside Security & Infrastructure Engineering building the security foundation of a future Governance, Risk & Compliance (GRC) function.

Key Responsibilities

• Design, implement, and operate technical controls that satisfy SOC 2, ISO 27001, NIST, and GDPR requirements across our cloud (AWS), SaaS, and corporate environments.
>
• Build and maintain integrations between our GRC platform (Drata) and source systems - IdP, cloud providers, ticketing, code repositories, HRIS, endpoint management - to automate evidence collection and continuous control monitoring.
>
• Engineer "compliance-as-code" workflows: codify policies and controls, automate drift detection, and surface failing controls back to owning teams via Jira, Slack, or dashboards.
>
• Support and progressively automate audit readiness: SOC 2 Type II, ISO 27001 (and any future certifications such as HIPAA, FedRAMP, PCI as the strategy evolves), preparing evidence, walking auditors through controls, and remediating findings.
>
• Operate the enterprise risk register day-to-day: run risk assessments, track mitigations, and produce reporting that helps leadership make decisions.
>
• Build and run the technical side of the vendor security program - questionnaire automation, tiering, evidence review, and ongoing monitoring of critical vendors.
>
• Partner with IT, Product, and Engineering to embed security and compliance requirements into the SDLC, change management, access reviews, and infrastructure provisioning.
>
• Contribute to incident response from the GRC side: maintain runbooks and policies, ensure regulatory and contractual notification timelines are met, and capture evidence and lessons learned.
>
• Partner with Legal/Privacy on GDPR obligations, data residency, DPAs, and customer security commitments.
>
• Help mature security awareness and training - measuring effectiveness, not just running it.
>
• Author and maintain security policies and standards in clear, accurate language that engineers will actually read.
• Promote a security-first culture across all functions, ensuring employees understand their role in protecting company and customer data.

Qualifications

• 5+ years in security, with at least 2-3 years in a GRC engineering, security engineering, or compliance automation role at a SaaS or cloud-native company.
>
• Strong working knowledge of SOC 2, ISO 27001, NIST CSF / 800-53, and GDPR, and what it takes to actually operate (not just pass) them.
>
• Hands-on experience with a modern GRC platform (Ideally Drata) - including building or extending its integrations, not just clicking through the UI.
>
• Comfortable using AI tools to accelerate delivery and scale impact.
>
• Comfortable writing code (Python, Go, or similar) and working with cloud APIs (AWS), Terraform/IaC, and CI/CD pipelines.
>
• Solid understanding of cloud security, identity and access management, and how engineering teams ship software.
>
• Experience supporting external audits as a technical lead and remediating findings.
>
• Working knowledge of risk management frameworks and vendor security assessment.
>
• Strong written communication - you can turn a control requirement into a clear ticket, runbook, or policy that gets adopted.
>
• Bonus: relevant certifications (CISA, CISSP, ISO 27001 LI/LA, AWS/GCP security), experience with privacy engineering, or prior work building a GRC function from early stage to audit-ready.
>

$180,000 - $200,000 a year

This is not including equity and other benefits. The actual salary offered will carefully consider a wide range of factors, including your skills, qualifications, and experience.

Why join us?

Key moment to join Aircall in terms of growth and opportunities

Our people matter, work-life balance is important at Aircall

Fast-learning environment, entrepreneurial and strong team spirit

45+ Nationalities: cosmopolite & multi-cultural mindset

Competitive salary package & benefits

Medical, dental, and vision insurance is 100% covered

401k plan with company matching!

Unlimited PTO - take the time you need to come to work feeling great!

Wellness, commuter, and childcare reimbursements

Generous parental leave policy

DE&I Statement:


At Aircall, we believe diversity, equity and inclusion - irrespective of origins, identity, background and orientations - are core to our journey.


We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. We're working to create a place filled with diverse people who can enrich and learn from one another. We're committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive.


We will constantly challenge ourselves to make sure that we live up to our ambitions around diversity, equity and inclusion, and keep this conversation open. Above all else, we understand and acknowledge that we have work to do and much to learn.

Want to know more about candidate privacy? Find our Candidate Privacy Notice here.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.