Job Drop BerlinYOUR WAY INTO BERLIN TECH
NewsletterLinkedIn
AboutTermsImpressumPrivacy

GRC Engineer - Platform Team

TTaktile
Seniority
Midweight
Model
Hybrid
Sector
Fintech
Salary
Undisclosed
Contract
Full-Time

As a GRC Engineer on the Platform Team, you'll own the controls, evidence, and processes that keep Taktile secure, compliant, and continuously audit-ready. You'll be the engineering-minded backbone of our compliance program, turning frameworks like SOC 2, ISO 27001, GDPR, and the EU AI Act into automated, continuously-monitored controls rather than one-off, point-in-time checklists.

What you'll do

  • Own continuous compliance end-to-end; SOC 2, ISO 27001, and customer security reviews, keeping us audit-ready year-round rather than scrambling at renewal time.
  • Manage and evolve the compliance roadmap, prioritizing initiatives against business and customer needs; own Vanta end-to-end, including tasks, documentation, integrations, and automated evidence collection.
  • Lead quarterly access reviews across all systems in collaboration with IT and Engineering, ensuring findings are tracked through to remediation.
  • Run vendor risk reviews and DPIAs for new tools (especially AI tooling) and help teams adopt new software quickly without compromising our risk posture.
  • Serve as the technical voice on customer security questionnaires and DPAs, working alongside Sales and Legal to keep deals moving.
  • Define and report compliance and risk KPIs to leadership, giving them a clear, ongoing view of our posture and where investment is needed.
  • Partner with the Security Architect to identify and close gaps between written policy and actual control implementation.

What you'll need

  • 4+ years in GRC, security compliance, or audit readiness at a SaaS company, ideally in a regulated environment (Finance, Insurance, Healthcare).
  • Has owned a SOC 2 program end-to-end (must-have), ideally ISO 27001 too, from gap analysis through audit and maintenance; familiar with GDPR, PCI DSS, and the EU AI Act.
  • Deep experience running Vanta (or Drata/Secureframe) as a continuous compliance backbone, not a point-in-time checklist.
  • Technically hands-on: comfortable scripting against AWS APIs to automate evidence collection, with a solid grasp of software development and security concepts.
  • A strong writer and communicator who can turn around a 200-row security questionnaire quickly and accurately, and translate fluently between compliance and technical teams.

Nice to have

  • Experience with customer trust programs (Trust Center, FAQs, security whitepapers).
  • DORA / EU AI Act / fintech regulatory exposure.
  • Has shipped engineering-led automation (not just dashboards).
  • Familiarity with NIST CSF, CIS Controls, or GDPR/DPAs.

What they offer

  • Top-of-market equity and cash compensation package.
  • Self-development budget for conferences, books, and classes.
  • Equipment of your choice including home office set-up.
  • Flat hierarchy with direct access to founding team members.
  • Mentorship from experienced leaders and network of top tech investors and advisors.
APPLY →