GRC Engineer
SpyCloud
4d ago
Remote, US
Job Description
SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud's solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you're driven to align your career with a fantastic mission, look no further!
The GRC Engineer is a role within SpyCloud's Governance, Risk, and Compliance (GRC) department, part of the Legal & Compliance organization. This position plays a critical role in strengthening SpyCloud's compliance posture by driving audit readiness, scaling continuous control testing, and embedding compliance requirements into cloud-native systems and workflows.
This role partners closely with Engineering, Security, IT, Product, and Legal teams to ensure compliance requirements are implemented effectively within cloud environments. The GRC Engineer leads complex compliance initiatives while leveraging automation and scripting to improve efficiency, accuracy, and scalability.
**What You'll Do:**
* Compliance Program & Framework Management
  + Lead and support compliance programs including SOC 2, ISO 27001, and CMMC, with a strong focus on cloud-native environments.
  + Coordinate internal and external audits, ensuring accurate evidence collection and alignment with technical stakeholders.
  + Support customer security reviews and questionnaires by clearly articulating SpyCloud's cloud security controls and compliance posture.
* Audit Readiness & Continuous Controls
  + Own continuous audit readiness across cloud platforms such as AWS, GCP, and Azure.
  + Design and execute continuous control testing using automation and scripting (preferably Python).
  + Partner with Engineering and Security teams to ensure compliance is embedded into system design and change management processes.
* GRC Automation & Tooling
  + Build, maintain, and enhance automated evidence collection workflows using Vanta.
  + Integrate Vanta with cloud environments, identity systems, and CI/CD pipelines to support continuous compliance.
  + Collaborate with Engineering to implement automated compliance checks within cloud deployments.
* Governance, Policies & Standards
  + Develop and maintain security and compliance policies, standards, and procedures aligned with cloud architecture and operational practices.
  + Ensure governance documentation supports SOC 2, ISO 27001, and CMMC requirements while remaining practical for technical teams.
  + Translate complex technical requirements into clear, actionable controls.
* Risk Management
  + Lead risk assessments across cloud services, systems, and business processes.
  + Identify, assess, and drive remediation of cloud security and compliance risks.
  + Partner with stakeholders to ensure risks are understood, prioritized, and addressed.
* Vendor Risk Management
  + Enhance vendor risk management workflow
