Sr. GRC Engineer
Atlan, India. Posted 27 March 2026
Job Description
WHO WE ARE
Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. Today, 95% of AI pilots fail because AI systems don’t understand the context behind data: what it means, how it’s governed, and how it should be used.
Atlan connects to every part of the modern data and AI stack to unify this context into a single, shared layer that both humans and AI agents can rely on.
With Atlan, teams can discover, understand, and trust their data; build and collaborate on a shared body of knowledge; and activate that context across analytics, operations, and AI workflows.
Trusted by global enterprises like Mastercard, Workday, General Motors, Unilever, Ralph Lauren, FOX, Nasdaq, and Medtronic, we’re backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures.
Why this Role Matters?
At Atlan, compliance isn't overhead — it's a competitive advantage that closes deals. We serve 450+ enterprise customers across healthcare, finance, and other regulated industries where security posture directly influences buying decisions.
You'll own and mature our compliance program across SOC 2, ISO 27001, ISO 42001, GDPR, and HIPAA — while building toward next-generation certifications like FedRAMP. But this isn't a maintenance role. You're joining as the technical architect of our Continuous GRC Maturity Program: a 12-month, executive-sponsored initiative to transform compliance from manual firefighting into automated, scalable infrastructure.
This role sits on our GRC & Platform Security team and operates with significant autonomy. If you've ever thought "there has to be a better way to do compliance," this is your chance to build it.
What you'll own
- Compliance program maturity — Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR. Own auditor relationships, coordinate cross-functional evidence collection, and maintain year-round audit readiness.
- Next-generation framework adoption — Drive FedRAMP readiness: assess platform gaps, build roadmaps, and turn new certifications into planned projects rather than fire drills.
- Enterprise risk management — Build and mature Atlan's risk management program. Identify, assess, and track risks across security, operational, compliance, and third-party domains. Turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews.
- Third-party risk management — Own Atlan's vendor security assessment program end-to-end: tiered vendor reviews, security questionnaires, risk scoring, and ongoing monitoring. Balance vendor risk against business need at scale.
- Compliance automation infrastructure — Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing. Reduce manual audit prep effort significantly.
- Controls that prove themselves — Partner with engineering and product teams to design technical controls that automatically generate auditable evidence. Implement continuous testing that catches gaps before auditors do.
- Continuous controls monitoring — Design and operate real-time visibility into control effectiveness: automated dashboards, live control status, and alerting that surfaces gaps before audit cycles begin — not during them.
- Organizational compliance capability — Build awareness programs, run training for engineering and cross-functional teams, and create self-service dashboards that make compliance easy. Make secure-by-default the path of least resistance.
What makes you a strong match
Compliance depth
- 5+ years owning SOC 2 Type II and/or ISO 27001 audits end-to-end — you've been the point person coordinating auditors, collecting evidence, and managing findings
- Hands-on experience across multiple frameworks: SOC 2, ISO 27001, ISO 42001, and at least two of GDPR, HIPA ...