GRC Engineer

7 days ago


Any Location, IN Pylon Management Consulting Full time

As a Senior GRC Engineer, you will play a critical role in fortifying our security infrastructure, ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO27001, and implementing cutting-edge security practices like Policy as Code and Shift Left Security.


Compliance and Standards:


- Lead efforts to maintain and enhance compliance with industry standards, including SOC2 Type2, HIPAA, GDPR, ISO27001 and USDPI.


- Stay updated with current regulatory changes and ensure our security practices align with evolving requirements.


- Build a unified compliance framework (UCF) that captures cybersecurity, data protection, and business continuity risks.


- Create policies and processes in collaboration with security engineers such that they comply with the UCF, covering cloud security, application security, endpoint security, and data privacy.


- Set up a review of all policies in practice to ensure they are adhered to at all times. Review and validate whether the approach/solution taken to address the security and privacy risks/policies is appropriate.


Data Privacy:


- Guide various teams on data protection practices. Review legal documents related to security/privacy as and when required.


- Be the subject matter expert (SME) for security and privacy compliance and address queries/scenarios that might arise from different departments.


- Stay up to date with security compliance frameworks and best practices to contribute towards the overall security posture of Atlan.


Policy as Code:


- Identify opportunities for implementing Policy as Code to minimize manual intervention.


- Partner with security engineers to drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.


Shift Left Security:


- Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.


- Partner with security engineers across the Cloud Infra and IT teams in driving implementation of Shift Left Security practices, such as: Embedding security practices in the SDLC and cloud infrastructure.


- Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.


GRC Tools:


- Utilise GRC tools such as Vanta to streamline security processes and enhance efficiency.


- Maintain a good security score on Vanta by coordinating with different stakeholders.


- Evaluate and implement additional tools to support the automation of security tasks and assessments.


Training / Awareness:


- Create security and privacy training and awareness content and deliver training through creative and innovative means to create maximum impact.


- Vendor and Client Security Assessment - Carry out assessments as and when required.


ARR Improvement:


- Collaborate with stakeholders to enhance Annual Recurring Revenue (ARR) through improved security measures.


- Implement security strategies that align with organizational goals and customer expectations.

(ref:hirist.tech)