
GRC Engineer

About One

One’s mission is simple - to help customers achieve financial progress. We’re doing this by creating simple solutions to help our customers save, spend, borrow, and grow their money – all in one place.

The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.

What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.

There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!

The role

As a GRC Engineer, you will be instrumental in the oversight and operation of One’s Information Security program, including its third party risk management program. You will have the opportunity to manage and execute One’s information security risk management processes, including performing third party due diligence reviews, managing identified security risks, and working on assessments conducted by other independent parties, such as auditors, partners, and vendors. You will also have opportunities to identify control & process gaps and lead efforts to remediate such gaps.

This role is responsible for: 

  • Perform appropriate due diligence on One’s third-party vendors and partners’ capabilities around data protection, business continuity, and platform security.

  • Review contractual agreements and documents to ensure they meet internal standards and requirements for information security and privacy. 

  • Engage with both technology and business teams as a consultant for any security-related issues that affect One’s product features and offerings. 

  • Identify and track security risks throughout One’s environment and drive them to remediation with the appropriate stakeholders. 

  • Assist in audits conducted by external parties by performing internal readiness assessments, facilitating walkthroughs with key stakeholders, gathering relevant evidence, and driving remediation of any gaps identified. 

  • Assist in reviewing One’s compliance with privacy requirements and regulations as part of its product operations.

You bring

  • 10+ years of experience in information security, internal and third party risk management, and/or audit management. 

  • Strong knowledge of various industry standard frameworks such as NIST, SOC 2, PCI DSS, HiTrust, etc.

  • Thorough knowledge of enterprise-scale security architecture, cloud security, and business continuity program best practices.

  • The ability to explain security concepts to both technical and non-technical stakeholders.

  • Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance. 

  • Relevant certifications (such as AWS Certified Solutions Architect, CISSP, etc.) are a plus.

What it’s like working @ One

  • Competitive cash

  • Benefits effective on day one

  • Early access to a high-potential, high-growth fintech

  • Generous stock option packages in an early-stage startup

  • Employer Provident Fund contributions

  • Comprehensive health insurance for you and your family (health insurance, accident and disability insurance, term life insurance), including mental health support and wellness programs

  • Flexible time off programs – vacation, sick and other paid leaves and paid regional holidays

  • Monthly transport allowance over and above fixed cash for office commutes

  • Monthly work-from-home stipend over and above fixed cash for internet and utilities

  • Hybrid working model – work with our team in Bengaluru three times a week

Leveling Philosophy

In order to thoughtfully scale the company and avoid downstream inequities, we’ve adopted a flat titling structure at One. Though we may occasionally post a role externally with a prefix such as “Senior” to reflect the external level of the position, we do not use such prefixes in internal titles unless the position manages a team. Internal titles typically include your specific functional responsibility, such as engineering, product management or sales, and often include additional descriptors to ensure clarity of role and placement within our organization (e.g. “Engineer, Platform”, “Sales, Business Development” or “Manager, Talent”). Employees are paid commensurate with their experience and the internal level within One.

Inclusion & Belonging

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@one.app.

Average salary estimate

$135000 / YEARLY (est.)
min: $120000K
max: $150000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About GRC Engineer, ONE

Are you ready to take your expertise to the next level? Join One as a GRC Engineer in the vibrant city of Bangalore! At One, we’re on a mission to help our customers reach financial progress by simplifying their experiences in managing money. This is more than just a job; it’s an opportunity to play a pivotal role in shaping our Information Security program, particularly our third-party risk management strategies. As a GRC Engineer, your responsibilities will be dynamic and varied. You'll conduct thorough due diligence on vendors, ensuring they meet our robust standards for data protection and security. Collaborating with both technology and business teams, you’ll consult on security concerns that impact our innovative product features. You’ll also have the chance to lead audits and internal assessments, identifying any security risks and driving necessary remediation efforts. This role is designed for a seasoned professional with over 10 years of experience in information security and risk management, ready to leverage their knowledge of industry frameworks like NIST and SOC 2. At One, we value innovation, collaboration, and diversity, and we’re committed to creating a flexible workplace where you can thrive alongside our world-class team. So, are you excited to make a difference in fintech? Join us at One, where your skills can directly contribute to empowering individuals to achieve financial stability and success.

Frequently Asked Questions (FAQs) for GRC Engineer Role at ONE
What are the responsibilities of a GRC Engineer at One?

As a GRC Engineer at One, your responsibilities will include overseeing the Information Security program, performing third-party due diligence reviews, managing security risks, and assisting in audits. You will engage with various teams to address security issues, identify control gaps, and lead remediation efforts to enhance our security posture.

What qualifications do I need to apply for the GRC Engineer position at One?

To apply for the GRC Engineer position at One, candidates should have 10+ years of experience in information security and risk management. A strong understanding of industry-standard frameworks like NIST and SOC 2, along with relevant certifications, is highly beneficial. Coupled with communication skills for both technical and non-technical audiences, these qualifications will set you up for success.

How does One support its GRC Engineers in their professional development?

One is committed to the growth of its GRC Engineers by offering competitive salaries, comprehensive benefits, and opportunities for professional certification. Being a part of a rapidly growing fintech organization, you'll have significant learning experiences and exposure to cutting-edge security practices that foster career advancement.

What type of work environment can a GRC Engineer expect at One?

At One, GRC Engineers can expect a flexible and supportive work environment. We offer a hybrid working model that encourages collaboration in our Bangalore office and also accommodates remote work. Moreover, we value diversity and inclusion, making it a welcoming place for everyone.

What benefits does One offer to GRC Engineers?

GRC Engineers at One enjoy a myriad of benefits, including comprehensive health insurance, generous stock options, employer contributions to Provident Fund, and flexible time off programs. Our unique work-from-home stipend and monthly transport allowance further enhance the work-life balance you can achieve while contributing to our mission.

Common Interview Questions for GRC Engineer
Can you explain your risk management strategy as a GRC Engineer?

When answering this question, outline your systematic approach to identifying, assessing, and prioritizing risks. Discuss the frameworks you rely on, such as NIST or SOC 2, and give examples of how you’ve successfully mitigated risks in previous roles.

How do you ensure vendor compliance with security standards?

In your response, emphasize your approach to conducting thorough due diligence reviews. Highlight the importance of reviewing contractual agreements and assessing the vendors' capabilities in data protection and business continuity as part of your compliance strategy.

Describe a situation where you had to communicate complex security concepts to non-technical stakeholders.

Share a specific example where clear communication was crucial. Explain how you broke down complex information into relatable terms, ensuring understanding among different stakeholders, thus promoting a culture of security across the organization.

What experience do you have with audits, and how have you prepared for them?

Discuss your hands-on experience with audits, whether internal or external, emphasizing your role in readiness assessments. Offer insights into how you gather evidence, facilitate departmental walkthroughs, and address gaps during the audit process.

What role does continual improvement play in your GRC processes?

Explain how you regularly assess and refine your GRC processes to adapt to changing threats and compliance requirements. Sharing methodologies you've employed, like post-incident reviews or regular stakeholder feedback, shows your commitment to proactive risk management.

How do you stay updated on the latest cybersecurity trends and frameworks?

Mention your commitment to continuous learning through reading industry publications, attending conferences, or participating in online courses. Highlight any relevant certifications you pursue to ensure your skills and knowledge remain current.

Can you share an example of a security gap you identified and how you remediated it?

Provide a concise breakdown of a specific security gap you discovered. Focus on the steps you took to address it, such as forming cross-functional teams, implementing new controls, or providing training for staff, demonstrating your problem-solving skills.

What tools or technologies do you find essential for a GRC Engineer?

Discuss the tools and technologies, like risk management platforms or compliance solutions, you commonly use to streamline processes. Sharing your reasons for selecting specific tools based on your experience can display your technical proficiency.

How do you prioritize tasks when managing multiple security risks?

Articulate your process for assessing risk levels and determining urgency. By discussing criteria such as potential impact and compliance requirements, you can illustrate your strategic approach to prioritization.

What do you see as the biggest challenge facing GRC Engineers today?

Reflect on contemporary issues such as evolving cyber threats or compliance challenges. Share your perspective on how GRC Engineers can address these challenges through robust strategies and collaboration across teams.


We're seeking team members who are hungry, humble, and honest to help us build simple solutions for people to save, spend, and grow their money — all in one place.

CULTURE VALUES
Mission Driven
Inclusive & Diverse
Growth & Learning
Transparent & Candid
BENEFITS & PERKS
Flex-Friendly
401K Matching
Paid Sick Days
Paid Time-Off
Medical Insurance
Equity
Maternity Leave
Paternity Leave
EMPLOYMENT TYPE
Full-time, hybrid
DATE POSTED
January 12, 2025
