Senior GRC Engineer

📋 Description

• • As a Senior GRC Engineer at Atlan Data Technologies Private Limited, you will be instrumental in shaping and elevating the company's compliance and security posture. This pivotal role is designed for an individual who views compliance not as a bureaucratic hurdle, but as a strategic asset that directly contributes to business success, particularly in securing enterprise deals within regulated industries like healthcare and finance.
• • You will take ownership of maturing Atlan's comprehensive compliance program, overseeing end-to-end audit execution for critical frameworks such as SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR. This includes managing relationships with external auditors, orchestrating the collection of evidence from various cross-functional teams, and ensuring year-round audit readiness.
• • A significant aspect of your role will involve driving Atlan towards next-generation certifications, with a primary focus on achieving FedRAMP readiness. This entails a thorough assessment of existing platform gaps, the development of strategic roadmaps, and the transformation of new certification requirements into well-defined, planned projects rather than reactive, urgent tasks.
• • You will be the architect of Atlan's Continuous GRC Maturity Program, a 12-month, executive-sponsored initiative aimed at revolutionizing compliance from a manual, reactive process into an automated, scalable, and integrated infrastructure. This program is central to transforming compliance from a cost center into a competitive differentiator.
• • Enterprise risk management will be a key area of your responsibility. You will build and mature Atlan's risk management framework, encompassing security, operational, compliance, and third-party domains. This involves identifying, assessing, and meticulously tracking risks, translating abstract risk discussions into quantifiable metrics, assigning clear ownership, and conducting regular quarterly reviews with leadership.
• • Furthermore, you will own Atlan's vendor security assessment program from inception to completion. This includes implementing tiered vendor reviews, managing security questionnaires, establishing robust risk scoring mechanisms, and overseeing ongoing vendor monitoring. The goal is to strike an effective balance between managing vendor risk and supporting essential business needs at scale.
• • A core objective is to build and enhance the compliance automation infrastructure. You will integrate Atlan's GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tools. This integration aims to automate evidence collection and implement continuous control testing, thereby significantly reducing the manual effort traditionally associated with audit preparation.
• • You will collaborate closely with engineering and product teams to design and implement technical controls that inherently generate auditable evidence. This proactive approach ensures that continuous testing mechanisms are in place to identify and rectify control gaps before they are discovered by external auditors.
• • The role also involves designing and operating real-time visibility into control effectiveness. This includes developing automated dashboards, providing live control status updates, and implementing alerting systems that proactively surface control gaps before audit cycles commence, preventing last-minute scrambles.
• • You will play a crucial role in building organizational compliance capability by developing awareness programs, conducting targeted training for engineering and cross-functional teams, and creating self-service dashboards to simplify compliance processes. The aim is to make secure-by-default practices the easiest and most natural way of working.
• • Embracing AI is central to this role. You will actively leverage AI tools to enhance compliance efficiency, such as drafting control narratives, triaging risk findings, summarizing evidence, and building AI-assisted workflows for continuous monitoring. A foundational understanding of AI systems will be necessary to effectively assess their associated risks.
• • This position offers significant autonomy and operates within the GRC & Platform Security team. It is an ideal opportunity for someone who is driven by a desire to innovate and improve existing processes, possessing a high degree of initiative and the ability to thrive in ambiguous environments, identifying problems and building solutions independently.