GRC Engineer

Job not on LinkedIn

🔥 0 minutes ago

🇺🇸 United States – Remote

⏰ Full Time

🟡 Mid-level

🟠 Senior

🚔 Compliance

🦅 H1B Visa Sponsor

info
Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of ButterflyMX

ButterflyMX

201 - 500 employees

Founded 2014

🔐 Security

🔧 Hardware

🏠 Real Estate

💰 Private Equity Round - ButterflyMX on 2025-01

Security • Hardware • Real Estate

ButterflyMX is a provider of integrated property access control and security solutions for multifamily, commercial, student housing, and gated communities. The company combines sleek hardware—video intercoms, security cameras, smart locks, keypads, vehicle access readers, and package room systems—with cloud-managed software so property owners, managers, residents, and visitors can control access via smartphones, automate operations, and integrate with existing proptech. ButterflyMX focuses on improving security, streamlining building operations, and enhancing resident experience across thousands of properties.

📋 Description

• Own and continuously mature the company risk register; design a risk management workflow that uses AI tooling to surface, score, and route emerging risks with minimal manual intervention, ensuring the register reflects real-time posture, not a quarterly snapshot. • Lead external audit management (SOC 2 Type II); automate evidence collection pipelines in Vanta so that audit cycles are driven by continuous monitoring rather than evidence sprints, and begin scoping a readiness path for ISO 42001 (AI management systems). • Engineer the Trust and Assurance program for scale: build automated intake and triage workflows for security questionnaire requests, deploy AI-assisted response generation against a curated knowledge base, and expand the trust portal so that partner due diligence is largely self-service. • Build a vendor and supply chain risk program that goes beyond static spreadsheets. Design automated vendor intake, tiered risk scoring, and continuous monitoring triggers (news alerts, rating service integrations, release notes, expiration tracking) that surface risk without requiring manual sweeps. • Redesign and maintain security and privacy policies; use AI to draft, version, and track policy updates, and build a lightweight workflow for owner review, approval, and attestation that doesn't require a ticketing system to chase people down. • Own common controls monitoring in Vanta. Configure and tune integrations, checks, and alerting so that control failures surface automatically to the right owners, not just to a GRC inbox. Drive the organization toward an always-on compliance posture. • Modernize the security awareness and training program. • Design and operationalize an integrated compliance calendar covering SOC 2, security and IT systems licensing renewals, applicable state privacy regulations, and any other active frameworks with automated reminders and status tracking rather than manual coordination. • Support the CISO and General Counsel on operational privacy practices: administer cookie consent management tooling, handle or route data subject requests (DSRs) through a documented and auditable workflow, and help maintain the company's privacy notice and data mapping inventory. • Monitor the regulatory and compliance landscape, including AI governance developments (EU AI Act, NIST AI RMF, ISO 42001). Proactively surface changes that require a policy, control, or product response. • Leverage AI tools across every GRC workflow; this role is expected to demonstrate measurable efficiency gains through automation and tooling, not simply to own a portfolio of manual processes.

🎯 Requirements

• 3+ years of experience in GRC, information security compliance, or risk management. • Working knowledge of SOC 2 (Trust Services Criteria), with hands-on experience supporting or leading audits. • Familiarity with additional frameworks is a strong plus: CIS Controls v8, NIST CSF, NIST AI RMF, NIST Privacy Framework, NIST SP 1800 series, NIST 800-53 r5, ISO 42001, ISO 27701, ISO 27001, OWASP Top 10 for Agentic Applications, MITRE D3FEND, MITRE SoT, MITRE ALTAS. • Experience conducting rapid third-party/vendor risk assessments and managing a supply chain risk program. • Strong organizational skills with the ability to manage multiple concurrent workstreams and deadlines. • Excellent written communication, capable of drafting clear, audience-appropriate policy documents and executive risk summaries. • Experience with Vanta platform (or equivalent) • Relevant certifications a plus: CISA, CRISC, CISSP, CIPP, or equivalent. • Proven experience with leveraging AI tools in both professional and personal settings. ButterflyMX is an AI-forward organization and the ability to optimize efficiency using AI is crucial in every role.

🏖️ Benefits

• Comprehensive Medical, Dental and Vision plans (ButterflyMX covers 80% of the cost) starting day 1 • 401(k) plan with a match • 10 paid holidays, 20 vacation days, 5 sick days, 3 floating holidays • Basic Life and Accidental Death and Dismemberment Insurance (ButterflyMX covers 100% of the cost) • Short and Long Term Disability (ButterflyMX covers 100% of the cost) • Paid Family Leave • Employee Assistance Program • Quarterly self-care stipends • Access to optional benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance • And more!

Apply Now

Similar Jobs

🔥 4 minutes ago

Second Nature

201 - 500

☁️ SaaS

🏠 Real Estate

🤝 B2B

Resident Insurance & Compliance Solutions Advisor assisting clients with insurance and business registration processes. Delivering high-quality support with empathy and professionalism for a remote-first company.

🇺🇸 United States – Remote

💵 $60k - $65k / year

💰 $16.4M Series C on 2020-03

⏰ Full Time

🟡 Mid-level

🟠 Senior

🚔 Compliance

🔥 18 minutes ago

Crypto.com

1001 - 5000

₿ Crypto

💳 Fintech

🔐 Security

Analyst role in Market Regulation team at Crypto.com’s U.S. derivatives exchange enforcing exchange rules. Monitoring trading activity in derivatives markets to detect potential violations of regulations.

🔥 26 minutes ago

Henry Schein

10,000+ employees

⚕️ Healthcare Insurance

💊 Pharmaceuticals

🤝 B2B

Regulatory Affairs Specialist in EHS roles focusing on compliance and safety in North America. Collaborating on policies and procedures to align with regulatory standards across various sites.

🔥 45 minutes ago

US Anesthesia Partners

5001 - 10000

⚕️ Healthcare Insurance

💊 Pharmaceuticals

🔬 Science

Payer Compliance Specialist I analyzing allowed amounts and resolving payer issues for US Anesthesia Partners. Communicating with RCM departments and insurance companies to ensure compliance and accuracy.

🇺🇸 United States – Remote

💵 $16 - $26 / hour

⏰ Full Time

🟢 Junior

🟡 Mid-level

🚔 Compliance

🚫👨‍🎓 No degree required

🔥 5 hours ago

Givelify

51 - 200

🤲 Charity

🤝 Non-profit

☁️ SaaS

Risk and Compliance Specialist for Givelify monitoring compliance with payment regulations and supporting fraud prevention initiatives across teams.