Governance, Risk, and Compliance Engineer

The Governance, Risk, and Compliance (GRC) team plays a critical role in enabling trust for our customers by designing, implementing, and maintaining compliance programs for a modern database-as-a-service platform used across a wide range of regulated industries.

The team is responsible for deeply understanding applicable compliance frameworks, translating requirements into practical, scalable controls, and partnering across the company to embed compliance into our products, systems, and day-to-day operations.

This is a highly hands-on role with broad ownership and real impact. You’ll have the opportunity to apply your expertise directly, influence technical and business decisions, and grow alongside a fast-moving organization as our compliance and security programs continue to evolve.

What you will be doing:

• Partner cross-functionally to design, implement, and maintain compliance programs, including SOC 2, ISO 27001 / 27701, PCI-DSS, HIPAA, GDPR, FedRAMP, and others as needed.
• Collaborate closely with Engineering to review and validate compliance-relevant product and infrastructure changes, including hands-on testing and documentation development.
• Execute ongoing compliance operations, including:
  • Employee security onboarding and training
  • Third-party/vendor risk assessments
  • Customer security questionnaires and audits
  • Quarterly access reviews, ASV scans, and risk assessment refreshes
• Support and enhance access governance programs in partnership with Operations, including Okta and ConductorOne onboarding, configuration, and reviews.
• Work with Marketing, Privacy and Legal to support privacy tooling, data protection initiatives, and regulatory requirements.
• Coordinate with the Security team to maintain and improve corporate security tooling, controls, and operational processes.
• Contribute to continuous improvement of GRC processes, automation, and tooling to scale with the business.

What you bring along:

• 7+ years of experience in IT Audit, Governance, Risk & Compliance, and/or Information Security.
• Bachelor’s degree in Computer Science, Information Technology, Information Systems Management, or equivalent practical experience.
• One or more relevant certifications such as CISA, PCI-P, CIPP, or equivalent.
• Strong working knowledge of major security and privacy frameworks, with hands-on experience interpreting and implementing controls in a cloud-based environment.
• Demonstrated experience using and administering GRC and security tooling.
• Excellent written and verbal communication skills, with the ability to collaborate effectively across technical and non-technical teams.
• Strong problem-solving mindset with the ability to balance risk, business needs, and scalability.
• Comfortable operating in a fast-paced, high-growth environment and acting as a trusted partner to the business.
• High level of ownership, accountability, and attention to detail.
• Ability to learn quickly, adapt to change, and take on additional responsibilities as needed.

Nice to have:

• Experience with database technologies or data-intensive platforms.
• Hands-on coding or scripting experience (e.g., automation, tooling, or security-related development).
• Experience building or scaling GRC programs in a startup or high-growth SaaS environment.