GRC Engineer
FrankieOne
Job Description
<h5>The Role</h5><p>At <a href="https://himalayas.app/companies/frankieone">FrankieOne</a>, where we revolutionise identity verification and onboarding to be swift, seamless, and scalable, your role as GRC Engineer is crucial and plays a pivotal role in assessing and prioritising information security and cybersecurity risks across the organisation. Your technical and automation skills, combined with your ability to manage risks and ensure compliance, make you a key player in our cybersecurity strategy.</p><p>You will be at the heart of ensuring continuous compliance and audit readiness - not through manual, point-in-time effort, but by engineering automation that does the heavy lifting. You will design and build automated evidence collection, continuous control monitoring, and security metrics pipelines that keep our compliance posture live and audit-ready at all times. You will also automate and streamline third-party and security risk management, from vendor risk assessments through to keeping our risk register continuously up to date, and support various external and customer audits and due diligence requests with reusable, automated evidence.</p><p>Our team is specialised and handles our most strategic and high-value projects. We are looking for an individual who can not only own and lead the administration and maintenance of our critical business systems - ensuring compliance, security, and efficiency across the board - but who also brings an automation-first mindset, constantly seeking to replace repetitive manual GRC work with scalable, repeatable, and auditable automated workflows.</p><h5>Your Ticket to Success:</h5><p>Be an advocate. For <a href="https://himalayas.app/companies/frankieone">FrankieOne</a>, for the product, for our people, and for our values.</p><p>You will have excellent analytical and problem-solving skills; be proactive, with the ability to work autonomously, with a sense of urgency and positive attitude, to prioritize and manage multiple tasks in a fast-paced environment.</p><p>You will also have strong written and verbal communication skills, along with a proven ability to build and manage relationships with different stakeholders.</p><h5>Responsibilities:</h5><ul><li><p>Maintain continuous compliance with relevant standards (e.g. ISO 27001 and SOC 2)</p></li><li><p>Conduct security risk assessments across the organisation and of third-parties</p></li><li><p>Maintain up-to-date audit evidence, project plans, risk register and continuous improvement registers etc.</p></li><li><p>Support external security audit and customer assessments and conduct internal assessments</p></li><li><p>Assisting with Management reviews and reports, Policy management and Security Awareness program</p></li><li><p>Key member of the response team in the event of information security incidents and breaches ensuring process and policy is adhered to</p></li><li><p>Proactively seek areas for improvement across our processes</p></li><li><p>Provide