Security GRC Specialist

Profound

$230K — $275K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years in security GRC, compliance, or related security engineering roles
  • Hands-on experience with SOC 2, ISO 27001, or similar frameworks
  • Experience in supporting audits and engaging in customer-facing security discussions
  • Comfortable collaborating with engineers on cloud infrastructure and APIs
  • Able to bridge compliance and engineering languages effectively
  • Experience with modern cloud platforms (AWS, GCP, Azure) is advantageous
  • Proactive approach with a history of driving change rather than just tracking it
  • Strong written communication skills with a focus on enterprise interactions

Responsibilities

  • Own and manage compliance frameworks like SOC 2, ISO 27001, and GDPR
  • Conduct end-to-end audits: readiness, evidence gathering, and auditor engagement
  • Enhance controls and minimize compliance burdens through automation
  • Collaborate with Sales and Customer Success to facilitate deals and build customer trust
  • Create and maintain trust center, security documentation, and whitepapers
  • Design and implement security controls with engineering across cloud systems
  • Translate compliance requirements into executable technical solutions

Benefits

  • Comprehensive benefits and perks package
  • Equity included in total compensation
  • On-site role fostering collaboration and teamwork in NYC
Full Job Description
EPDD
• New York, New York
• In-office

We are hiring a Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering, sales, and customer success.

Profound sells to enterprises with serious security expectations, and our GRC function is central to closing deals, sustaining customer trust, and meeting the regulatory bar for the markets we operate in. This is not a "watch the dashboard and file the report" role. You'll shape how we build secure systems, push remediation through with engineering, and make sure compliance accelerates the business rather than slowing it down.

What you'll do
  • Own and operate our compliance frameworks: SOC 2, ISO 27001, GDPR, and others as we grow
  • Drive audits end to end: readiness, evidence collection, auditor coordination
  • Continuously improve controls and reduce compliance overhead through automation
  • Partner with Sales and Customer Success to unblock deals and build trust with security teams at Fortune 500 customers
  • Develop and maintain our trust center, security whitepapers, and customer-facing documentation
  • Work directly with engineering to design and implement practical security controls across our cloud infrastructure, data pipelines, and customer-facing surfaces
  • Partner on identity and access work (SSO, SAML, SCIM, IdP integrations) where security, compliance, and customer-facing requirements intersect
  • Translate compliance requirements into technical, scalable solutions
  • Identify gaps and drive remediation, not just report them
  • Run risk assessments across systems, vendors, and processes
  • Maintain policies and standards that are lightweight, current, and actually useful
  • Track and report on our security posture and compliance status to leadership
  • Improve how we manage compliance: evidence collection, control mapping, automation
  • Evaluate and implement GRC and security tooling where it earns its keep


Who you are
  • 7+ years in security GRC, compliance, or adjacent security engineering roles
  • Hands-on experience with SOC 2, ISO 27001, or similar frameworks
  • Experience supporting audits and leading customer-facing security conversations
  • Comfortable working with engineers and reasoning about cloud infrastructure, APIs, identity systems, and data flows
  • Able to translate between compliance language and engineering reality in both directions
  • Experience with modern cloud environments (AWS, GCP, or Azure) is a strong plus
  • Proactive and hands-on: you drive changes, you don't just track them
  • Comfortable balancing rigor with pragmatism in a fast-moving environment
  • Strong written communication, especially with enterprise customers and cross-functional partners
  • Experience building or scaling a GRC program from early stages
  • Familiarity with automation in compliance workflows
  • Background in security engineering, DevOps, or identity and access management


Location

This is an on-site role based in our NYC office, designed for builders who thrive on speed, iteration, and meaningful impact.

For this role, the expected base salary range is $230,000 to $275,000, depending on experience. Profound's total compensation package includes base salary, equity, and a full range of benefits and perks. Final compensation will depend on factors such as your skills, experience, qualifications, and location, and will be determined during the interview process. Our recruiting team will share more details about the full compensation package and benefits as you move through hiring.

#LI-PRO

Similar Jobs

More Jobs at Profound

More Information Technology Jobs

Find similar Security GRC Specialist jobs: