Senior GRC Analyst

Engine is seeking a highly-skilled and motivated Senior GRC (Governance, Risk, and Compliance) Analyst to join our team. In this role, you will be responsible for strengthening our security posture, ensuring compliance with critical standards such as SOC 2, GDPR, and CCPA, and managing audits, risk assessments, and compliance tracking across the organization. You will work closely with senior leadership, employees, and external auditors to ensure that Engine adheres to best practices in governance, risk management, and compliance.

Your Mission:
As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:

• Lead the configuration and management of GRC tools (Trust Centers, Learning Management Systems, Compliance Tracking, etc.) to ensure integration with security systems.
• Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
• Develop and maintain a comprehensive risk management program and conduct risk assessments.
• Manage and conduct regular audits (weekly, monthly, quarterly, and bi-annual) across business, IT, and security processes to ensure best practices and legal compliance.
• Oversee the development and execution of security procedures across multiple domains.
• Develop, update, and maintain Contingency Planning strategies and procedures, including coordination of annual tabletop drills.
• Execute routine operational tasks related to security awareness training.
• Audit the access and compliance of third-party vendors and contractors.
• Review procurement requests for security standards and ensure all engagements meet company standards and regulatory requirements.
• Collaborate cross-functionally to identify and monitor security controls, map security controls to issues and risks, and mature the audit processes related to security controls that apply across multiple security frameworks.

What You’ll Bring to Engine:
We’re looking for someone who’s ready to make an impact and grow alongside us:

• Proven experience in managing GRC functions, ideally within a fast-paced, high-growth company.
• Strong understanding of ISO 27001, SOC 2, GDPR, CCPA, PCI-DSS, and SOX compliance standards.
• Excellent organizational, communication, and leadership skills.
• Ability to manage complex GRC initiatives and work across multiple teams.
• Ability to handle high-stress situations and effectively manage IT emergencies.
• Skilled in using GRC platforms and tools to manage compliance and risk management activities.
• Strong knowledge of security concepts, including risk management, identity and access management (IAM), key management, data protection, and network security.
• Track record of building security/GRC programs across various domains.
• Certifications such as CISA, CISM, CISSP, CRISC, or CCEP
• Experience with data protection and privacy law compliance.
• Familiarity with cloud security components of platforms like AWS, GCP, or Azure.
• Excellent problem-solving, analytical, and communication skills.
• Ability to work collaboratively with cross-functional teams, including IT, engineering, and HR teams.
• A passion for mentoring others.