GRC Engineer

WorkOS
United States
Posted 23 April 2026

Job Description

About WorkOS 🚀

WorkOS builds modern developer tools and APIs that make it easy for companies to become Enterprise Ready. Our platform powers authentication, identity, authorization, and other critical infrastructure that developers need to securely scale their products to large organizations.

We recently raised a $100M Series C, valuing the company at $2B, led by Meritech and Sapphire with participation from Greenoaks, Craft, Abstract, and Audacious.

WorkOS powers enterprise features for many of the fastest-growing AI companies, including OpenAI, Cursor, Perplexity, Vercel, and Plaid. As AI reshapes software, WorkOS is at the frontier of Human and Agent Authentication, Identity, and Access Control—helping companies answer a new critical question: who are your agents, and what are they allowed to do?

Our fast-growing customer base includes hundreds of modern software companies building the next generation of enterprise-ready products.

About the Security Team

The Security team at WorkOS is responsible for keeping the data and identities of hundreds of millions of customers secure. Security is fundamental to our products, and customer trust is the foundation of our success.

We are a highly collaborative group with a strong engineering mindset. Our security program is shaped by hands-on experience attacking and defending systems, and applying lessons from across the industry. We embrace the latest advancements in practices and tooling that make modern security teams effective.

Today, our team spans product security, cloud security, and detection & response. We are expanding our internal GRC function to scale our compliance, risk, and customer trust programs as we grow.

About the Role

We are looking for a GRC Engineer to build and own WorkOS's Governance, Risk, and Compliance program. WorkOS has foundational compliance in place: SOC 2, HIPAA, GDPR, PCI-DSS SAQ D, and a growing set of customer and regulatory obligations.

What we are looking for now is a leader for our compliance function: someone who can own our existing frameworks, drive us into the next tier of certifications, partner directly with our enterprise customers to reinforce the trust they've placed in us, and turn manual compliance work into durable, automated systems.

You will work with security leadership to navigate our GRC program. You will help set the strategy, shape the roadmap, and build the systems and culture that make compliance a byproduct of how we build software.

This is a remote position, open to candidates based in Canada or the United States.

What You'll Do

- Own our compliance function. Frameworks, policies, controls, and audits are yours. Make compliance part of how we ship software, not a separate track.
- Lead our next certifications. Drive initiatives for FedRAMP and other frameworks: scoping the controls and documentation, and collaborating with others across the organization to make it happen.
- Partner directly with customers. Be the voice of our compliance program to our customers. Support audits, enable sales on compliance-gated deals, and build on the trust we've established with the companies that depend on us.
- Own risk across WorkOS. Run our risk and third-party risk programs. Identify risks as they emerge, drive remediation, and surface signal to leadership.
- Build GRC-as-code. Write code and tooling to automate the parts of GRC that don't need a human, and leverage AI where it fits.

Who You Are

- A builder, not just an operator. You write code, build systems, and automate. You are looking for a role where you build systems that generate evidence automatically.
- Framework-fluent. You have hands-on experience implementing or auditing SOC 2 and other major frameworks (ISO 27001, PCI DSS, NIST 800-53, FedRAMP), and you can reason about new frameworks from first principles.
- A strong partner to engineering. You build trust by understanding engineers' priorities and making the compliant path th ... (truncated, view full listing at source)