Security GRC Engineer

Employment Hero

📍Remote - Australia

Summary

Join Employment Hero, a rapidly growing global company, as a Security GRC Engineer. You will play a key role in embedding governance, risk, and compliance directly into engineering workflows. This position focuses on building scalable, automated, and user-friendly security and risk capabilities, driving continuous assurance and risk-informed decision-making. You will collaborate with development, DevOps, and product teams to implement shift-left security practices and automate compliance checks. The ideal candidate possesses a strong GRC automation mindset, hands-on scripting experience, and a deep understanding of relevant frameworks like ISO 27001 and SOC 2. This role offers the opportunity to contribute to a dynamic team and make a significant impact on the company's security posture.

Requirements

  • A strong GRC automation mindset with hands-on scripting experience
  • Dependabot usage for compliance and vulnerability management workflows
  • Jira/Slack integration and automation for audit traceability
  • Familiar with LLMs and n8n for AI-driven process improvement
  • Strong understanding of ISO 27001, SOC 2 frameworks
  • Able to translate technical risk into clear, actionable language
  • Focused on scalable, sustainable security governance practices

Responsibilities

  • Integrate GRC into engineering - Work closely with development, DevOps, and product teams to implement shift-left security and GRC-as-Code practices
  • Enhance stakeholder experience - Build security and GRC solutions that are seamless and empathetic to how teams actually work
  • Support compliance frameworks - Help maintain ISO 27001, SOC 2, and other standards by embedding controls into workflows rather than bolting them on after the fact
  • Monitor and measure risk - Use data and quantitative metrics to guide risk decisions and report meaningful outcomes, not just pass audits
  • Drive continuous improvement - Identify gaps, remove friction, and prototype better ways of achieving GRC outcomes through system design and process iteration
  • Contribute to GRC handbook - Participate in internal knowledge-sharing, open-source projects, and the broader GRC engineering ecosystem
  • Automate security controls and evidence collection - Design and maintain automated compliance checks, policy-as-code, and continuous monitoring systems. This includes building automation using tools like n8n and integrating with Slack to facilitate timely reminders and improve workflow visibility

Preferred Qualifications

  • Experience building or contributing to internal tools or open-source GRC projects
  • A product or stakeholder-centric view of security and compliance
  • Exposure to security tooling like Vanta, Drata or custom internal platforms
  • Experience operating in fast-paced, product-led tech environments

Benefits

  • You will work remotely, with the flexibility to own your time and impact
  • You will access cutting-edge tools to amplify your work, knowledge and outputs
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
  • You’ll also have access to a wide range of benefits, including a very generous paternity leave policy, subsidised egg freezing (so you can make the choice that’s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunities
