← Back to list
Job · Senior

Senior Security Engineer, GRC Automation

Security Engineer • Senior • Remote • Full-time • 📍 Remote (North America)

Senior Security Engineer - GRC Automation role at 1Password, designing and implementing automation, dashboards, and integrations that power Governance, Risk, and Compliance (GRC) operations. You will partner directly with the Senior Manager of GRC to build automation that scales the company's security and privacy commitments, from audit readiness and policy enforcement to customer trust workflows. A key focus is operationalizing and expanding the GRC platform (Drata), building AI-assisted workflows that automate evidence collection, control monitoring, and vendor risk, and owning delivery from scoping through go-live. The role sits at the intersection of security engineering, compliance, and platform operations, and includes representing the technical narrative to auditors. This is a remote opportunity within the US or Canada.

Responsibilities

  • Lead the implementation and integration of the GRC platform, ensuring it is fully operationalized across key systems and workflows
  • Build out automated workflows for control testing, evidence collection, and audit readiness
  • Design and deploy AI-assisted compliance workflows including agentic evidence collection, LLM-powered vendor questionnaire review, and automated control narrative drafting, with clear validation logic
  • Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
  • Manage project delivery across multiple GRC automation initiatives simultaneously, maintaining clear scope, milestones, and stakeholder visibility
  • Design dashboards and reporting to track control health, trust signals, and audit performance
  • Collaborate across Security, GRC, and Engineering to embed compliance into operational processes like onboarding, change management, and incident response
  • Own the roadmap for automated, resilient internal assurance infrastructure, including build vs. buy decisions

Requirements

  • 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
  • Proven experience working with GRC, compliance, or audit teams to build automation supporting evidence collection, control testing, or security monitoring
  • Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
  • Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
  • Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53 and how they map to real-world infrastructure
  • Project management and delivery ownership: experience managing multi-workstream compliance or security projects end-to-end
  • Experience building AI-assisted workflows with LLMs, agentic tools, or automation pipelines to solve a GRC or compliance problem, with validation of output
  • Confident in auditor-facing settings, able to represent automation work to external auditors, senior stakeholders, and executive audiences

Nice to have

  • Hands-on experience with event-driven automation platforms like Tines for control validation and alerting
  • Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase
  • Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
  • Experience in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
  • Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks
  • CISA, CISSP, or equivalent certification, or actively working toward one

Soft skills

Compliance-as-infrastructure mindset, thinking in terms of automation coverageSystems thinking, able to explain how an automation changed downstream workflowsAI tradeoff reasoning: understanding where non-deterministic AI is acceptable vs. where deterministic guarantees matterStrong cross-functional collaboration skillsConfident communicator in technical walkthroughs and auditor-facing settings

What we offer

  • USA-based: annual base salary between $153,000 and $214,000 USD
  • Canada-based: annual base salary between $144,000 and $202,000 CAD
  • Equity grant (RSU program for most employees) and participation in incentive programs where applicable
  • Competitive health and dental benefits, 401k (US) / RRSP (Canada)
  • Maternity and parental leave top-up programs
  • Generous PTO policy
  • Retirement matching program
  • Free 1Password account
  • Paid volunteer days
  • Peer-to-peer recognition through Bonusly
  • Remote-first work environment