Security GRC Engineering Manager

Grafana Labs
$200k-$240k
Remote - United States
Summary
Join Grafana Labs as a Security Engineering Manager to lead the GRC team, developing and implementing security strategies, and ensuring compliance with industry certifications. You will be responsible for building and improving security programs in a cloud-based SaaS environment. This highly technical role requires significant engineering acumen and strong leadership skills. The ideal candidate will have experience with compliance automation, security assessments, and collaboration with cross-functional teams. Grafana and LGTM are highly successful open-source projects, and this role involves working with a large-scale distributed system. Compensation includes a competitive salary and benefits.
Requirements
- Proven expertise in automating security compliance processes using tools, scripts, and frameworks (e.g., Terraform, Ansible, or custom scripts)
- Experience integrating compliance checks into CI/CD pipelines to ensure ongoing adherence to security policies and standards
- Ability to develop and maintain Infrastructure as Code (IaC) configurations that align with organizational security and regulatory requirements
- Deep understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR
- Demonstrated experience in conducting gap analyses, preparing for audits, and ensuring compliance with relevant security certifications
- Knowledge of emerging trends and updates in compliance standards to ensure continuous alignment with best practices
- Strong capability to manage multiple complex projects and deadlines simultaneously, ensuring timely delivery of security and compliance objectives
- Proficiency in using project management tools and methodologies (e.g., Agile, Kanban, or Gantt charts) to track progress and coordinate with cross-functional teams
- Skilled in prioritizing tasks based on risk, impact, and organizational goals, maintaining focus under tight timelines
- A solid foundation in security principles, architecture, and risk management
- Hands-on experience with security tools (e.g., vulnerability scanners, SIEM platforms, and compliance reporting tools)
- Ability to assess, report, and remediate security vulnerabilities in a fast-paced environment
- Strong interpersonal skills to collaborate with diverse stakeholders, including engineers, compliance officers, and leadership teams
- Clear and effective communication of complex technical and compliance issues to non-technical audiences
- Experience in creating and delivering documentation, training, and awareness programs related to security assurance and compliance
- A proactive approach to identifying and solving compliance and security challenges
- Ability to innovate and improve existing processes, leveraging automation and modern tools to enhance efficiency
Responsibilities
- Lead our security assurance team covering a range of areas, including certifications, application security, cloud security, and internal tooling development
- Develop, implement, and maintain security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS)
- Conduct security assessments and audits of systems, networks, applications, and vendors to identify vulnerabilities and ensure mitigation efforts are effective
- Drive how Grafana implements automation to ensure compliance (verify Compliance as Code)
- Define, optimize, and implement the engineering strategy in concert with the security leadership team, ICs and stakeholders across the business
- Regular 1:1s, coaching and mentoring to ensure your team members are motivated, happy and engaged. Providing continuous feedback to ensure that they can add value while maintaining high standards
- Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes
- Work closely with legal and compliance teams to manage security certifications and regulatory obligations
- Contributing to and reviewing design documents for upcoming projects. Ensuring projects are well-defined and ready for development. Advise on how to break down projects into tasks
Preferred Qualifications
- A degree in Computer Science, Information Security, or related field (or equivalent experience)
- Hands-on experience in cloud environments (AWS, Azure, or Google Cloud) and their compliance frameworks
- Excellent communication and interpersonal skills to collaborate with technical and non-technical teams
- Strong problem-solving and analytical skills
- Ability to manage multiple projects simultaneously and meet deadlines in a fast-paced environment
- High attention to detail and commitment to maintaining confidentiality and integrity
- A technical background, ideally with programming or software engineering experience, before transitioning into security & leadership
- Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems
- Experience working with OSS communities
- Experience securing large-scale distributed systems
Benefits
- Equity
- Bonus (if applicable)