[Hiring] Senior GRC Engineer @Flock

Role Description

We are hiring a Senior GRC Engineer to build and scale an engineering-driven, automation-first, and AI-enabled approach to Governance, Risk, and Compliance (GRC). This role goes far beyond traditional GRC. You will design and implement intelligent, automated systems that integrate directly into our engineering and cloud environments—transforming compliance from a manual, point-in-time exercise into a continuous, real-time capability.

• Leverage automation, data pipelines, and emerging AI/LLM capabilities to reduce manual effort, improve signal quality, and enable proactive risk management.
• This is a high-impact role at the intersection of security engineering, compliance, and data—helping evolve GRC into a measurable, scalable, and product-aligned function.

Qualifications

• 5+ years in GRC, security engineering, or related roles.
• Experience working in cloud-native environments, AWS is a must.
• Experience supporting audits such as SOC 2, ISO 27001, or similar.
• Relevant certifications such as CISA, CRISC, FAIR, AWS Security Specialty, ISO 27001/42001 Lead Auditor certifications a plus.

Requirements

• Design and implement policy-as-code and compliance-as-code frameworks.
• Automate control testing and evidence collection using cloud and CI/CD telemetry.
• Integrate GRC processes with engineering tools and workflows.
• Develop reusable tooling and internal platforms for scalable, self-service compliance.
• Build and deploy production-grade automation leveraging LLMs and AI tooling (e.g., for control mapping, evidence analysis, and anomaly detection).
• Own the design, development, and maintenance of core GRC automation systems and services.
• Develop KPIs and KRIs using engineering and cloud data.
• Support risk quantification efforts using frameworks such as FAIR.
• Maintain and improve the security risk register.
• Apply data modeling and AI techniques to identify emerging risks and reduce false positives.
• Build automated risk scoring and prioritization models using real-time engineering and security data.
• Lead and support audits including SOC 2, ISO 27001, ISO 27701, FedRAMP and CJIS.
• Build automated audit readiness and continuous compliance processes.
• Serve as a key point of contact for internal and external auditors.
• Work with Product and Engineering teams on security and privacy requirements.
• Support customer security reviews, RFIs, and trust center initiatives.
• Collaborate with Legal and Privacy teams on regulatory alignment.
• Automate vendor assessments using AI-assisted questionnaire analysis and response validation.
• Build workflows to ingest, analyze, and score third-party risk data at scale.

Benefits

• Flexible PTO: We offer non-accrual PTO, plus 11 company holidays.
• Fully-paid health benefits plan for employees: including Medical, Dental, and Vision and an HSA match.
• Family Leave: All employees receive 12 weeks of 100% paid parental leave. Birthing parents are eligible for an additional 6-8 weeks of physical recovery time.
• Fertility & Family Benefits: We have partnered with Maven, a complete digital health benefit for starting and raising a family. Flock will provide a $50,000-lifetime maximum benefit related to eligible adoption, surrogacy, or fertility expenses.
• Spring Health: Offers a variety of mental health benefits, including therapy, coaching, medication management, and digital tools, all tailored to each individual's needs.
• Caregiver Support: We have partnered with Cariloop to provide our employees with caregiver support.
• Carta Tax Advisor: Employees receive 1:1 sessions with Equity Tax Advisors who can address individual grants, model tax scenarios, and answer general questions.
• ERGs: We offer four ERGs today - Women of Flock, Flock Proud, LEOs and Melanin Motion.
• WFH Stipend: $150 per month to cover the costs of working from home.
• Productivity Stipend: $300 per year to use on Audible, Calm, Masterclass, Duolingo and so much more.
• Home Office Stipend: A one-time $750 to help you create your dream office.