Job Description
*Native/Bilingual English is required for this role (read/written/spoken)
Please upload your CV/resume in English.
Monthly salary:
$4,000 - $5,000
Along with our partner, we’re looking for a Senior GRC (Governance, Risk, and Compliance) Security Specialist who can take ownership, operate with minimal direction, and thrive in a fast-paced startup environment. You’ll play a pivotal role in building and running client compliance programs, shaping internal processes, and setting the standard for how our partner delivers white-glove GRC services.
What You’ll Do:
Lead GRC Delivery
Manage compliance programs for multiple clients (SOC 2, ISO 27001, HIPAA, GDPR, etc.).
Draft, review, and implement security/compliance policies tailored to client environments.
Prepare clients for audits by coordinating evidence collection and working directly with auditors.
Own risk registers, vendor risk management, and continuous compliance monitoring.
Configure and manage compliance automation tools (Drata, SecureFrame, Vanta) to align with client needs.
Client Collaboration
Act as a trusted advisor in Slack channels, answering compliance/security questions in real-time.
Host client-facing workshops (risk assessments, tabletop exercises).
Translate complex compliance requirements into plain English for founders and engineers.
Internal Impact
Help define internal GRC methodology, templates, and playbooks.
Work closely with the company's leadership to scale how we deliver GRC as a service.
What We’re Looking For:
5–8 years of experience in GRC, IT audit, or security compliance roles (consulting or MSP background a plus).
Strong working knowledge of SOC 2, ISO 27001, HIPAA, and related frameworks.
Experience with compliance automation platforms (Drata, SecureFrame, Vanta) and ticketing tools (Jira, Linear, Slack).
Exceptional documentation and communication skills — can write airtight policies and present them with authority.
Self-starter who thrives in ambiguity, takes full ownership, and can run client programs with little hand-holding.
Why Join:
Impact: Early hire → help shape how we deliver compliance-as-a-service and grow our client base.
Growth: Exposure to both compliance leadership and adjacent security engineering practices.
Flexibility: Remote-first, nimble team, HQ in Southern California.
A fully remote position with a structured schedule that supports work-life balance.
Two weeks of paid vacation per year.
10 paid days for local holidays.
*Please note our partner is only looking for full-time dedicated team members who are eager to fully integrate within their team.
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Publication Date:
February 26, 2026
Job Type:
Arts and Entertainment
Location:
Brazil
Company:
Tecla