Senior GRC Engineer

Senior GRC Engineer At Docker, we make app development easier so developers can focus on what matters. Our remote-first team spans the globe, united by a passion for innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is the #1 tool for building, sharing, and running apps—trusted by startups and Fortune 100s alike. We’re growing fast and just getting started. Come join us for a whale of a ride! As an experienced Senior GRC Engineer, you’ll be a trusted advisor, collaborating closely with engineering and product teams to ensure security and compliance is a cornerstone of every product. You’ll partner with leadership to shape product strategy, advocate for strong security controls and influence future product iterations. By leveraging your deep industry knowledge, and expertise in programming and automation, you’ll drive the development and implementation of Governance, Risk and Compliance frameworks. You will develop and optimize automated solutions to streamline compliance processes, improve risk management workflows, and integrate GRC tools supporting Docker’s systems. This is a unique opportunity to make a foundational impact on the security of an innovative, fast-growing company by building scalable, proactive solutions that protect both our platform and the customers who trust us. RESPONSIBILITIES: - Design, develop, and maintain automation automation workflows to streamline GRC processes such as compliance monitoring, controls, reporting and risk assessments - Implement and customize GRC platforms using programming languages and APIs - Develop scripts and tools to automate repetitive GRC tasks, such as audit evidence collection and control testing - Build and maintain dashboards for real-time risk and compliance monitoring using data visualization tools - Monitor, assess, and mitigate risks by leveraging automated systems and data-driven insights. - Support internal and external audits by providing automated solutions for data collection and evidence generation. - Cross collaborate between multiple security disciplines, supporting security engineering initiatives - Establish partnerships with internal/external auditors, regulators, business stakeholders develop security requirements and controls. - Perform critical data security reviews over newly released products and features. - Oversee and maintain the Risk Register and Risk Management program to document, measure, and report assessments, risks, controls findings, and remediation activity - Develop and maintain security metrics, using automated and manual processes to produce relevant KPIs about the governance program - Draft and maintain corporate Information Security policies and departmental procedures and maps them to relevant control standards - Builds and maintains company awareness and education progress around compliance - Stay current with regulatory and industry standards (e.g., ISO 27xxx, SOC 2, GDPR, NIST) and ensure compliance requirements are met - Manage Dockers vendor due diligence process ensuring compliance and security controls are met. QUALIFICATIONS: - Have 6 to 8 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance - Proven experience in GRC engineering with a strong focus on automation and programming - Proficiency in programming languages such as Python, and Golang - Will have familiarity setting up APIs and Webhooks, at least one scripting language, and at least one public cloud architecture and control tool - Hands-on experience with cloud environments, (e.g., AWS, Azure, Google Cloud) and their compliance automation tools - Experience with DevSecOps practices and integrating security compliance into CI/CD pipelines - In-depth knowledge of security framework controls as they apply to public cloud (AWS, GCP), and SaaS environments - Have knowledge of information security risk management and information securit ... (truncated, view full listing at source)