About this role
GRC Engineer focused on governance, risk, and compliance across cloud platforms, driving SOC 2, ISO 27001, and CMMC programs and automating evidence collection and continuous control testing.
Key Responsibilities
- Compliance program management
- Audit readiness & coordination
- GRC automation & tooling
- Governance, policies & standards
- Risk & vendor risk management
Technical Overview
Cloud security governance with automation via Vanta; strong cloud compliance knowledge (AWS/Azure/GCP), risk assessments, audit collaboration, and policy development.
Ideal Candidate
The ideal candidate is an experienced GRC professional skilled in SOC 2, ISO 27001, and CMMC within cloud environments, capable of leading audits and embedding compliance into cloud deployments with automation.
Must-Have Skills
- 5+ years of experience in Governance, Risk & Compliance (GRC) or security compliance
- Experience applying SOC 2, ISO 27001, and/or CMMC to cloud environments
- Experience leading audit readiness activities and working directly with auditors
- Strong collaboration with engineering and cloud operations teams
- Bachelor's degree in Information Security, Computer Science, Engineering, or equivalent professional experience
- Microsoft Azure Security Engineer Associate Certification (Required)
- In-depth knowledge of cloud architectures, IAM, logging, monitoring
- Experience with cloud-based vulnerabilities and remediation
- Familiarity with SOC 2, ISO 27001, CMMC, NIST 800-53, CIS Benchmarks
Nice-to-Have Skills
- Vanta for automated evidence collection
- GRC automation tooling
- Experience with CI/CD pipelines
- Python scripting
- Security frameworks (CMMC, SOC 2, SOC 3) advanced
Tools & Platforms
Azure, Amazon Web Services, Google Cloud Platform, Vanta, CI/CD pipelines, Terraform, GitLab, Python, AWS, GCP, Azure
Required Skills
GRC, SOC 2, ISO 27001, CMMC, cloud platforms (AWS, GCP, Azure), audit readiness, evidence collection, automation, Vanta, CI/CD, Terraform, GitLab, Python, IAM, logging, monitoring, NIST 800-53, CIS Benchmarks
Hard Skills
Microsoft Azure, Azure Security Engineer Associate, Azure Cloud, AWS, GCP, Cloud Security, Infrastructure as Code, CI/CD, Terraform, GitLab, Python, Vulnerability management, Threat modeling, Incident response, NIST 800-53, CIS Benchmarks, Vanta, SOC 2, ISO 27001, CMMC, Audit readiness
Soft Skills
communication, collaboration, ability to work with multiple teams, analytical thinking, documentation
Certifications
Preferred
CISA, CISSP, ISO 27001 Lead Auditor/Implementer
Keywords for Your Resume
grc engineer, soc 2, iso 27001, cmmc, cloud platforms aws gcp azure, audit readiness, vanta, evidence collection, automation, ci/cd, terraform, gitlab, iam, nist 800-53, cis benchmarks, third party cloud risk assessments, vulnerability management, incident triage, Azure Security Engineer Associate, SOC 2, ISO 27001, CMMC, Terraform, GitLab, Vanta, CI/CD, IaC
Deal Breakers
No Azure cloud security experience, No Azure Security Engineer Associate certification, Lack of experience with SOC 2/ISO 27001/CMMC, Inability to work remotely