Security GRC Specialist

Modal, Inc

$90K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3-7+ years in security GRC, compliance, or security engineering-adjacent roles
  • Hands-on experience with frameworks like SOC 2, ISO 27001, or similar
  • Experience in supporting audits and customer-facing security conversations
  • Comfortable working with engineers and understanding systems (cloud, infra, APIs, etc.)
  • Ability to translate compliance language into technical implementations

Responsibilities

  • Own and operate compliance frameworks (e.g., SOC 2, ISO 27001, GDPR)
  • Drive audits end-to-end, including readiness, evidence collection, and auditor coordination
  • Continuously improve controls and reduce compliance overhead through automation
  • Lead responses to customer security questionnaires, RFPs, and due diligence requests
  • Partner with Sales and Customer Success to unblock deals and build trust
  • Work directly with engineering teams to design and implement practical security controls
  • Run risk assessments across systems, vendors, and processes

Benefits

  • Flexible working environment
  • Opportunities for professional development
  • Collaboration with cross-functional teams
  • Focus on innovation without compromising compliance
  • Emphasis on building customer trust through security

Full Job Description

The Role:

We're looking for a hands-on Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering and product teams. This role is central to building customer trust, enabling sales, and ensuring we meet evolving regulatory and security expectations without slowing down innovation.

You won't just maintain compliance; you'll help shape how we build secure systems.

What You'll Do:

Compliance & Security Programs
  • Own and operate compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.)
  • Drive audits end-to-end: readiness, evidence collection, auditor coordination
  • Continuously improve controls and reduce compliance overhead through automation

Customer Trust & Sales Enablement
  • Lead responses to customer security questionnaires, RFPs, and due diligence requests
  • Partner with Sales and Customer Success to unblock deals and build trust
  • Develop and maintain security documentation (trust center, whitepapers, FAQs)

Engineering Collaboration
  • Work directly with engineering teams to design and implement practical security controls
  • Translate compliance requirements into technical, scalable solutions
  • Identify gaps and drive remediation projects (not just report them)

Risk & Governance
  • Run risk assessments across systems, vendors, and processes
  • Maintain policies and standards, but keep them lightweight and actionable
  • Track and report on security posture and compliance status

Process & Tooling
  • Improve how we manage compliance (evidence collection, control mapping, automation)
  • Evaluate and implement GRC/security tools where appropriate


Requirements:

Core Experience
  • 3-7+ years in security GRC, compliance, or security engineering-adjacent roles
  • Hands-on experience with frameworks like SOC 2, ISO 27001, or similar
  • Experience supporting audits and customer-facing security conversations

Technical Mindset (Important)
  • Comfortable working with engineers and understanding systems (cloud, infra, APIs, etc.)
  • Ability to translate between compliance language and technical implementation
  • Experience with modern cloud environments (AWS/GCP/Azure) is a strong plus

Execution & Ownership
  • Proactive and hands-on: you drive changes, not just track them
  • Able to balance rigor with pragmatism in a fast-moving environment
  • Strong communication skills, especially with customers and cross-functional teams

Bonus
  • Experience building or scaling a GRC program from early stages
  • Familiarity with automation in compliance workflows
  • Background in security engineering or DevOps

How We Think About This Role:
  • Compliance is a means to build trust, not the end goal
  • GRC should enable the business, not slow it down
  • The best candidates are technical, pragmatic, and collaborative
