GRC Engineer

SpyCloud
Austin, Texas | Remote
Posted 2 April 2026

Job Description

SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you’re driven to align your career with a fantastic mission, look no further!

The GRC Engineer is a role within SpyCloud’s Governance, Risk, and Compliance (GRC) department, part of the Legal Compliance organization. This position plays a critical role in strengthening SpyCloud’s compliance posture by driving audit readiness, scaling continuous control testing, and embedding compliance requirements into cloud-native systems and workflows. This role partners closely with Engineering, Security, IT, Product, and Legal teams to ensure compliance requirements are implemented effectively within cloud environments. The GRC Engineer leads complex compliance initiatives while leveraging automation and scripting to improve efficiency, accuracy, and scalability.

What You'll Do:

Compliance Program & Framework Management

Lead and support compliance programs including SOC 2, ISO 27001, and CMMC, with a strong focus on cloud-native environments. Coordinate internal and external audits, ensuring accurate evidence collection and alignment with technical stakeholders. Support customer security reviews and questionnaires by clearly articulating SpyCloud’s cloud security controls and compliance posture.

Audit Readiness & Continuous Controls

Own continuous audit readiness across cloud platforms such as AWS, GCP, and Azure. Design and execute continuous control testing using automation and scripting (preferably Python). Partner with Engineering and Security teams to ensure compliance is embedded into system design and change management processes.

GRC Automation & Tooling

Build, maintain, and enhance automated evidence collection workflows using Vanta. Integrate Vanta with cloud environments, identity systems, and CI/CD pipelines to support continuous compliance. Collaborate with Engineering to implement automated compliance checks within cloud deployments.

Governance, Policies & Standards

Develop and maintain security and compliance policies, standards, and procedures aligned with cloud architecture and operational practices. Ensure governance documentation supports SOC 2, ISO 27001, and CMMC requirements while remaining practical for technical teams. Translate complex technical requirements into clear, actionable controls.

Risk Management

Lead risk assessments across cloud services, systems, and business processes. Identify, assess, and drive remediation of cloud security and compliance risks. Partner with stakeholders to ensure risks are understood, prioritized, and addressed.

Vendor Risk Management

Enhance vendor risk management workflows through automation and integration, including integration audits of third-party cloud services.

Cross-Functional Collaboration

Work closely with Engineering, IT, Security, Product, and Legal teams to embed compliance into architecture and design decisions. Serve as a subject matter expert for cloud compliance, control validation, and compliance automation.

Requirements:

Experience

5+ years of experience in Governance, Risk & Compliance (GRC), security compliance, auditing, or related roles. Demonstrated experience applying SOC 2, ISO 27001, and/or CMMC requirements to cloud environments. Experience leading audit readiness activities and working directly with auditors. Strong collaboration experience with engineering and cloud operations teams.

Education

Bachelor’s degree in Information Security, Computer Science, Engineering, or equivalent professional experience.

Technical Skills

Required: Ability to understand and write code, preferably Python, to automate evidence collection and validate cloud controls. Strong knowledge of cloud architectures ...
(truncated, view full listing at source)