Governance, Risk, and Compliance (GRC) Engineer - job 1 of 2

As a GRC Engineer at ClickHouse, you will define and deliver compliance programs, validate compliance-relevant changes with engineering, perform compliance monitoring tasks, and work closely with various teams including Operations, Marketing, and Security to maintain effective governance frameworks.

To be considered for the GRC Engineer role at ClickHouse, candidates should have over 7 years of experience in IT audit, GRC, or information security. Certifications like CISA, PCIP, or CIPP are advantageous, along with a thorough understanding of security compliance frameworks and cloud compliance levers.

A GRC Engineer at ClickHouse plays a vital role in shaping the company culture by promoting collaboration, actively sharing knowledge, and seeking feedback. As part of the first 200 employees, your contributions will influence the core values and operational efficiencies of our growing team.

At ClickHouse, GRC Engineers have ample opportunities for professional growth through hands-on experience, collaboration with various departments, and continuous learning within a fast-paced environment, ultimately allowing engineers to enhance their skills and expand their career.

ClickHouse offers a variety of benefits to remote GRC Engineers, including flexible work hours, employer contributions towards healthcare, stock options, flexible time off, and a generous home office setup allowance to ensure a productive work environment.

When responding, highlight your hands-on experience with frameworks such as SOC 2, ISO 27001, and FedRAMP, and describe how you've implemented these frameworks in cloud environments like AWS or Azure. Use specific examples to illustrate your understanding and application.

Show your familiarity with reviewing vendor compliance by discussing the steps you take, such as assessing risk levels, validating compliance certifications, and coordinating with relevant stakeholders. Provide examples where you've successfully managed vendor assessments.

Discuss your systematic approach to compliance monitoring, mentioning techniques such as regular audits, employee onboarding procedures, risk assessments, and compliance checks. Be sure to emphasize any tools or technologies you've used.

Elaborate on how you engage with engineering teams, validating compliance-related changes by ensuring documentation is up-to-date and conducting product testing. It's important to convey effective communication and teamwork experiences.

Identify a specific challenge you've encountered, whether it's related to a compliance audit or adapting to new regulations, and describe the steps you took to resolve the issue. Highlight any collaborative efforts with other departments to showcase teamwork.

Walk through the steps you took to design and implement the program, from planning through execution. Use this as an opportunity to demonstrate your strategic thinking and project management skills.

Discuss your commitment to continuous learning through subscriptions to industry publications, participation in relevant webinars, or involvement in professional networks that keep you updated on compliance trends and changes.

Be specific about the GRC tools you've experience with, discussing how you've effectively utilized them in monitoring compliance, reporting, or assessing risk levels. Mention any notable successes you achieved by using these tools.

Explain your time management techniques and prioritization strategies, such as using frameworks to classify tasks by urgency and complexity, while collaborating with teams to ensure critical deadlines are met.

Illustrate the importance of clear and effective communication in your GRC role, whether it's for training employees on compliance programs or coordinating with stakeholders during audits. Providing examples can enhance your response.