GRC Engineer - Platform Team
Taktile
Seniority
Midweight
Model
Hybrid
Sector
Salary
Undisclosed
Contract
Full-Time
As a GRC Engineer on the Platform Team, you'll own the controls, evidence, and processes that keep Taktile secure, compliant, and continuously audit-ready. You'll be the engineering-minded backbone of our compliance program, turning frameworks like SOC 2, ISO 27001, GDPR, and the EU AI Act into automated, continuously-monitored controls rather than one-off, point-in-time checklists.
What you'll do
- Own continuous compliance end-to-end; SOC 2, ISO 27001, and customer security reviews, keeping us audit-ready year-round rather than scrambling at renewal time.
- Manage and evolve the compliance roadmap, prioritizing initiatives against business and customer needs; own Vanta end-to-end, including tasks, documentation, integrations, and automated evidence collection.
- Lead quarterly access reviews across all systems in collaboration with IT and Engineering, ensuring findings are tracked through to remediation.
- Run vendor risk reviews and DPIAs for new tools (especially AI tooling) and help teams adopt new software quickly without compromising our risk posture.
- Serve as the technical voice on customer security questionnaires and DPAs, working alongside Sales and Legal to keep deals moving.
- Define and report compliance and risk KPIs to leadership, giving them a clear, ongoing view of our posture and where investment is needed.
- Partner with the Security Architect to identify and close gaps between written policy and actual control implementation.
What you'll need
- 4+ years in GRC, security compliance, or audit readiness at a SaaS company, ideally in a regulated environment (Finance, Insurance, Healthcare).
- Has owned a SOC 2 program end-to-end (must-have), ideally ISO 27001 too, from gap analysis through audit and maintenance; familiar with GDPR, PCI DSS, and the EU AI Act.
- Deep experience running Vanta (or Drata/Secureframe) as a continuous compliance backbone, not a point-in-time checklist.
- Technically hands-on: comfortable scripting against AWS APIs to automate evidence collection, with a solid grasp of software development and security concepts.
- A strong writer and communicator who can turn around a 200-row security questionnaire quickly and accurately, and translate fluently between compliance and technical teams.
Nice to have
- Experience with customer trust programs (Trust Center, FAQs, security whitepapers).
- DORA / EU AI Act / fintech regulatory exposure.
- Has shipped engineering-led automation (not just dashboards).
- Familiarity with NIST CSF, CIS Controls, or GDPR/DPAs.
What they offer
- Top-of-market equity and cash compensation package.
- Self-development budget for conferences, books, and classes.
- Equipment of your choice including home office set-up.
- Flat hierarchy with direct access to founding team members.
- Mentorship from experienced leaders and network of top tech investors and advisors.

