About this role
The Senior GRC Engineer strengthens the organization's governance, risk, and compliance posture by driving audit readiness, continuous control testing, and embedding compliance into cloud-native systems. The role partners with Engineering, Security, IT, Product, and Legal.
Key Responsibilities
- Lead and manage compliance programs including SOC 2, ISO 27001, and CMMC
- Own continuous audit readiness across AWS, GCP, and Azure
- Design and execute continuous control testing via automation and scripting (Python)
- Build, maintain, and enhance automated evidence collection workflows using Vanta
- Develop and maintain security and compliance policies, standards, and procedures aligned with cloud architecture
Technical Overview
Focus on SOC 2, ISO 27001, CMMC; cloud platforms AWS/GCP/Azure; automation using Python; Vanta-based evidence collection; CI/CD pipelines integration; security controls.
Ideal Candidate
The ideal candidate is a senior GRC professional with 5+ years in cloud governance and security compliance, adept at leading SOC 2/ISO 27001/CMMC programs and working with auditors. They should be proficient in automating evidence collection (Python) and embedding controls into cloud deployments with AWS/GCP/Azure.
Must-Have Skills
- 5+ years of experience in Governance, Risk & Compliance (GRC), security compliance, auditing, or related roles
- Demonstrated experience applying SOC 2, ISO 27001, and/or CMMC requirements to cloud environments
- Experience leading audit readiness activities and working directly with auditors
- Strong collaboration experience with engineering and cloud operations teams
- Bachelor's degree in Information Security, Computer Science, Engineering, or equivalent professional experience
- Ability to understand and write code, preferably Python, to automate evidence collection
- Strong knowledge of cloud architectures, IAM, logging, monitoring, and cloud security best practices
- Hands-on experience using Vanta for compliance automation and integrations
- Familiarity with SOC 2, ISO 27001, CMMC, NIST 800-53, and CIS Benchmarks
Nice-to-Have Skills
- Certifications such as CISA, CISSP, CCSK, CCAK, or ISO 27001 Lead Auditor/Implementer
- Experience with CI/CD pipelines, secure development practices, or cloud security engineering
- Experience conducting integration audits or third-party cloud risk assessments
Tools & Platforms
Vanta, Amazon Web Services, Google Cloud Platform, Microsoft Azure
Required Skills
5+ years of experience in GRC/security/compliance/auditing; SOC 2, ISO 27001, CMMC in cloud; audit readiness; Python scripting for evidence collection; cloud architectures, IAM, logging, monitoring; Vanta; NIST 800-53; CIS Benchmarks; CI/CD pipelines; AWS/Azure/GCP
Hard Skills
Python, Vanta, Amazon Web Services, Google Cloud Platform, Microsoft Azure, IAM, logging, monitoring, SOC 2, ISO 27001, CMMC, NIST 800-53, CIS Benchmarks, CI/CD pipelines
Soft Skills
Strong written and verbal communication, ability to work independently, analytical, problem-solving, collaboration
Certifications
Preferred
CISA, CISSP, CCSK, CCAK, ISO 27001 Lead Auditor/Implementer
Keywords for Your Resume
GRC Engineer, SOC 2, ISO 27001, CMMC, cloud-native, AWS, Amazon Web Services, Microsoft Azure, Google Cloud Platform, GCP, Python, Vanta, audit readiness, continuous controls, evidence collection, IAM, logging, monitoring, NIST 800-53, CIS Benchmarks, CI/CD pipelines, cloud architectures
Deal Breakers
5+ years of GRC experience, Bachelor's degree in a related field, No Python automation experience, No experience applying SOC 2/ISO 27001/CMMC to cloud environments, Unable to work in a remote US-based setting