What will you do?

We seek a highly skilled, experienced, and self-motivated Senior GRC Engineer. As a Senior GRC Engineer you will play a critical role in fortifying our security infrastructure, ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO27001, and implementing cutting-edge security practices like Policy as Code and Shift Left Security.

Compliance and Standards
• Lead efforts to maintain and enhance compliance with industry standards, including SOC2 Type2, HIPAA, GDPR, ISO27001, and USDPI.
• Stay updated with current regulatory changes and ensure our security practices align with evolving requirements.
• Build a unified compliance framework (UCF) that captures cybersecurity, data protection, and business continuity risks.
• Create policies and processes in collaboration with security engineers such that they comply with the UCF, covering cloud security, application security, endpoint security, and data privacy.
• Set up a review of all policies in practice to ensure all policies are adhered to at all times. Review and validate whether the approach/solution taken to address the security and privacy risks/policies is appropriate.
• Data Privacy: Guide various teams on data protection practices. Review legal documents related to security/privacy as and when required.
• Be the subject matter expert (SME) for security and privacy compliance and address queries/scenarios that might arise from different departments.
• Stay up to date with security compliance frameworks and best practices to contribute towards the overall security posture of Atlan.

Policy as Code
• Identify opportunities for implementing Policy as Code to minimise manual intervention.
• Partner with security engineers to drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.

Shift Left Security
• Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
• Partner with security engineers across the Cloud Infra and IT teams in driving implementation of shift left security practices, such as:
  • Embedding security practices in SDLC & Cloud infrastructure.
  • Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.

GRC Tools
• Utilise GRC tools such as Vanta to streamline security processes and enhance efficiency.
• Maintain a good security score on Vanta by coordinating with different stakeholders.
• Evaluate and implement additional tools to support the automation of security tasks and assessments.

Training / Awareness
• Create security and privacy training and awareness content and deliver training through creative and innovative means to create maximum impact.

Vendor and Client Security Assessment
• Carry out assessments as and when required.

ARR Improvement
• Collaborate with stakeholders to enhance Annual Recurring Revenue (ARR) through improved security measures.
• Implement security strategies that align with organizational goals and customer expectations.

What makes you a great match for us? 😍
• Proven experience demonstrating a deep understanding of security frameworks (SOC 2, HIPAA, GDPR, ISO27001, USDPI) and Policy as Code
• Experience identifying and driving the "Shift Left Security" culture
• Proficiency with GRC automation tools (Vanta) and a strong understanding of ISO Security Standards
• Excellent communication and collaboration skills – you'll be working closely with various teams across the organization
• Adaptability to a flexible work environment with global stakeholders across different geos
• Prior experience creating and implementing a Unified Compliance Framework (UCF) with a heavy focus on improving cyber security posture for SaaS organizations
• High ownership and ability to run multiple security projects simultaneously
• Ability to go the extra mile, being flexible to drive measurable improvements to Atlan's security posture while keeping business objectives in mind.