Senior GRC Security Engineer
About The Role
We are looking for a Senior Governance, Risk, and Compliance (GRC) professional to lead and strengthen our compliance and risk management program across multiple frameworks, legal entities, and geographies. The ideal candidate has strong hands-on experience with SOC 2, ISO 27001, PCI DSS, and modern compliance automation platforms such as Sprinto, and can build and operate a hybrid, unified GRC framework that spans entities in multiple geographies.
What You'll Do
- Lead the design, implementation, and continuous improvement of the organization's Governance, Risk, and Compliance program.
- Manage compliance initiatives across key frameworks including SOC 2, ISO 27001, PCI DSS, and other applicable standards or regulations.
- Build and maintain a hybrid unified GRC framework that enables a common control structure across multiple legal entities, business units, and geographical regions.
- Align global baseline controls with local regulatory, legal, privacy, and operational requirements.
- Perform risk assessments, compliance gap assessments, control reviews, and remediation tracking.
- Develop, maintain, and improve policies, standards, procedures, and control documentation.
- Own audit readiness activities including evidence collection, control walkthroughs, auditor coordination, and remediation follow-up.
- Drive cross-framework control mapping to reduce duplication and improve audit efficiency across multiple compliance programs.
- Work closely with Engineering, Information Technology, Security, Legal, Privacy, Human Resources, and business teams to embed compliance requirements into operations.
- Manage third-party risk assessments, vendor due diligence, and ongoing compliance reviews for critical suppliers.
- Define and monitor Governance, Risk, and Compliance metrics, compliance status reporting, and executive dashboards.
- Support security awareness, policy governance, exception management, and ongoing program maturity...