Himalayas Remote / WFH Teknologi & IT Full Time

GRC Engineer

FrankieOne

United States Salary not disclosed Posted 4 days ago
Location United States
Salary Salary not disclosed
Job Type Full Time · Remote
Country Amerika Serikat

Job Description

Full details about the role and requirements

Yukerja Summary

The GRC Engineer role at FrankieOne is curated from Himalayas (category Teknologi & IT). This role is marked as remote — check timezone and location requirements on the official listing. Yukerja.com is not the employer — applications are handled on the official source site.

The Role

At FrankieOne, where we revolutionise identity verification and onboarding to be swift, seamless, and scalable, your role as GRC Engineer is crucial and plays a pivotal role in assessing and prioritising information security and cybersecurity risks across the organisation. Your technical and automation skills, combined with your ability to manage risks and ensure compliance, make you a key player in our cybersecurity strategy.

You will be at the heart of ensuring continuous compliance and audit readiness - not through manual, point-in-time effort, but by engineering automation that does the heavy lifting. You will design and build automated evidence collection, continuous control monitoring, and security metrics pipelines that keep our compliance posture live and audit-ready at all times. You will also automate and streamline third-party and security risk management, from vendor risk assessments through to keeping our risk register continuously up to date, and support various external and customer audits and due diligence requests with reusable, automated evidence.

Our team is specialised and handles our most strategic and high-value projects. We are looking for an individual who can not only own and lead the administration and maintenance of our critical business systems - ensuring compliance, security, and efficiency across the board - but who also brings an automation-first mindset, constantly seeking to replace repetitive manual GRC work with scalable, repeatable, and auditable automated workflows.

Your Ticket to Success:

Be an advocate. For FrankieOne, for the product, for our people, and for our values.

You will have excellent analytical and problem-solving skills; be proactive, with the ability to work autonomously, with a sense of urgency and positive attitude, to prioritize and manage multiple tasks in a fast-paced environment.

You will also have strong written and verbal communication skills, along with a proven ability to build and manage relationships with different stakeholders.

Responsibilities:
  • Maintain continuous compliance with relevant standards (e.g. ISO 27001 and SOC 2)

  • Conduct security risk assessments across the organisation and of third-parties

  • Maintain up-to-date audit evidence, project plans, risk register and continuous improvement registers etc.

  • Support external security audit and customer assessments and conduct internal assessments

  • Assisting with Management reviews and reports, Policy management and Security Awareness program

  • Key member of the response team in the event of information security incidents and breaches ensuring process and policy is adhered to

  • Proactively seek areas for improvement across our processes

  • Provide insightful advice and value-added guidance on process and control enhancements.

  • Share information with managers to avoid surprises and ensure timely delivery.

  • Stay up-to-date with industry procedures and methods.

  • Manage security standards, policies, and practices annually to meet corporate demands.

  • Respond to inquiries from business units about ongoing operational compliance.

  • Collaborate with all areas in the business ensuring compliance with ISO27001 and SOC 2 standards and company policies.

  • Automate control monitoring and testing, building scripts or integrations that continuously validate control operation and flag failures or drift, rather than relying on point-in-time manual checks.

  • Streamline the vendor/third-party risk assessment lifecycle through automation - automating questionnaire distribution, evidence intake, risk scoring, and reassessment scheduling, and integrating vendor data with the risk register.

In a Previous Life You Have:
  • Worked in remote teams for offshore clients, with atleast 3 years of information security experience with emphasis on risk and compliance in a similar sized business.

  • 2+ years of expertise conducting ISO 27001 and SOC 2 audits and handling audit responses.

  • Good understanding of regulatory compliance requirements (ISO 27001, SOC 2, NIST, PCI, GDPR, etc.).

  • Knowledge of security practices like identity and access management, encryption, backups, secure software development life cycle, vulnerability management etc.

  • Familiarity with GRC tool techniques and best practices (e.g. Drata, Vanta etc.)

  • Proven track record of contributing or managing risk and compliance projects.

  • Successfully managed third-party audits, compile evidence, and organise audit responses.

  • Familiarity with GRC platform APIs and building integrations across cloud, security, and ITSM tooling.

  • Experience translating manual compliance processes into automated, repeatable, auditable workflows.

  • Project management experience highly preferred

Preferred Qualifications
  • Bachelor’s degree in information cybersecurity, risk management, governance, or a related field is highly desirable, but not mandatory.

  • ISO 27001 Lead Auditor, CISA, CISM, CRISC or CISSP certification (or working toward certification)

Originally posted on Himalayas

Disclaimer: Yukerja.com is a job aggregator, not an employer. This listing is aggregated from Himalayas. Applications are processed on the official company or source site. We are not responsible for listing accuracy.

Tips for Applying to GRC Engineer

  1. Read the full description and ensure your skills match before applying to FrankieOne.
  2. Tailor your CV and cover letter to keywords in the job description — especially for Teknologi & IT roles.
  3. Click Apply Now to go to Himalayas. The hiring process is entirely on the source site.
  4. Prepare an updated portfolio or LinkedIn profile if required during screening.
  5. Beware of payment requests — legitimate jobs do not charge application fees.

Related articles: CV ATS · Career Blog & Tips