Role overview
First and foremost, we’re looking for people who are excited about what we’re doing—you don’t need to know anything about metabolic health, but should be excited to learn. We’re building in an entirely new space, so you’ll be able to use creativity to help us solve problems and delight our customers.
We’re hiring a Governance, Risk, and Compliance (GRC) Engineer to help us both define and implement our security and compliance posture. This is an individual contributor role with leadership and project management requirements that combines hands-on engineering work—building tools, configuring systems, automating controls—with policy-level responsibilities like working with auditors, drafting policies, and helping the organization navigate regulatory frameworks.
If you enjoy switching between writing Terraform and writing a compliance narrative, you’ll feel right at home here.
Our back end stack is Node/TypeScript, Postgres, Redis, and GraphQL, deployed via Aptible and AWS. We use React Native for mobile, React with tRPC on the front end, and Vanta to automate compliance workflows and evidence collection.
Key Responsibilities:
- Security & Compliance Engineering: Build and maintain systems that enforce security and compliance controls—like IAM automation, access reviews, audit log pipelines, vulnerability scanning, and evidence collection tooling.
- Policy Development: Draft, revise, and manage security and compliance policies to meet the needs of frameworks like SOC 2, HIPAA, and beyond. Ensure policies are grounded in reality and reflected in systems.
- Audit Support: Partner with external auditors, respond to evidence requests, track remediation, and ensure clarity between documented policies and technical implementation.
- Vanta Administration: Own and operate our use of Vanta to manage control status, evidence collection, integrations, and user access.
- Risk & Exception Management: Own the risk register, manage exceptions, and drive mitigation efforts by collaborating directly with engineering, product, and operations.
- Monitoring & Reporting: Build dashboards and reporting mechanisms that show compliance posture, track risk, and surface gaps in real time.
- Developer Enablement: Create tools and workflows that help engineers stay compliant and secure—without slowing them down.
- Security Culture & Awareness: Help build a security-aware culture by embedding practical guidance into onboarding, documentation, and tooling.
Requirements
- Love thinking broadly and creatively about problems in order to solve them efficiently.
- Worked remotely before, or know that you’d work well with a remote team.
- Excited for a front-row seat into a fast-growing, early-stage company. Things will change a lot!
- Embrace challenges with a positive, "we can fix this" attitude.
- Preference for ambiguity, open-ended problems. Solve them with ownership and growth mindset.
- Build trust with team and show transparency. Humble and willing to help others.
- Enjoy thinking through trade-offs, with both mindfulness of short-term needs and our long-term direction.
- Experience with TypeScript or JavaScript (or excited to learn TypeScript), and using/building GraphQL APIs.
- Experience with PostgreSQL or a similar RDBMS.
- Experience designing maintainable systems, APIs, and integrations.
- Strong understanding of legal and regulatory compliance standards such as SOC 2, GDPR, HIPAA, etc.
- Familiarity with common security frameworks like NIST Cybersecurity Framework or ISO 27001, and how to apply them pragmatically in fast-paced environments.
- Experience with IT GRC/Integrated Risk Management (IRM) platforms.
- Knowledge of enterprise-scale security architecture, cloud security, and business continuity program best practices and industry standards.
- Happy writing documentation so that others can ramp up super easily and you’re never a single-source-of-failure.
Benefits
You can read more about our benefits (Levels), which include medical, dental, and vision insurance in addition to generous paid time off policies.
Originally posted on Himalayas