Security GRC Engineer

Employment Hero, AU
22 days ago
Job description

Who we are

Employment Hero is on a mission to make employment easier and more valuable for everyone. Our Employment Operating System brings hiring, HR, payroll and benefits into an all-in-one solution.

Since our inception in 2014, we’ve scaled to a $2 billion valuation and gained a presence in 6 countries globally - Australia, New Zealand, Singapore, Malaysia, the UK and Canada. We now service over 300,000 businesses and more than 2 million employees.

The EH Way

At Employment Hero, we’re proud of our unique DNA, which we call The EH Way.

  • We are Mission First - everything we do (from what we work on, to how we allocate capital and where we focus) is driven by our Mission
  • We are Remote First - we champion a remote environment with a preference for asynchronous communication and a high degree of autonomy
  • We are AI First - we are committed to using AI to accelerate our mission; AI is not just a tool, it’s a fundamental part of how we operate, innovate, and scale
  • We are Apolitical - we do not take a position on political or social topics, unless it relates to our Mission
  • We Live by Our Values - we role model our values 100% of the time
  • We Expect High Performance - we set a high standard and we’re not satisfied with being average

This role

We’re looking for a Security GRC Engineer to help us embed governance, risk, and compliance directly into our engineering workflows. This role moves beyond traditional compliance coordination—focusing instead on building scalable, automated, and stakeholder-friendly security and risk capabilities.

You’ll be part of a team driving continuous assurance, risk-informed decision-making, and compliance-by-default design, helping ensure that security supports—not slows—our innovation and product velocity.

If you have been working on GRC automation and enjoy hands-on scripting work, or are simply a developer looking to build your career in the GRC space, this is the role for you.

Your key focus areas will be

  • Integrate GRC into engineering - Work closely with development, DevOps, and product teams to implement shift-left security and GRC-as-Code practices.
  • Enhance stakeholder experience - Build security and GRC solutions that are seamless and empathetic to how teams actually work.
  • Support compliance frameworks - Help maintain ISO 27001, SOC 2, and other standards by embedding controls into workflows rather than bolting them on after the fact.
  • Monitor and measure risk - Use data and quantitative metrics to guide risk decisions and report meaningful outcomes—not just pass audits.
  • Drive continuous improvement - Identify gaps, remove friction, and prototype better ways of achieving GRC outcomes through system design and process iteration.
  • Contribute to GRC handbook - Participate in internal knowledge-sharing, open-source projects, and the broader GRC engineering ecosystem.
  • Automate security controls and evidence collection - Design and maintain automated compliance checks, policy-as-code, and continuous monitoring systems. This includes building automation using tools like n8n and integrating with Slack to facilitate timely reminders and improve workflow visibility.

Who you are

To thrive at Employment Hero, you’ll need to embody The EH Way - operating with focus, agility, and an obsession with impact. For this role, you'll have:

  • A strong GRC automation mindset with hands-on scripting experience
  • Dependabot usage for compliance and vulnerability management workflows
  • Jira / Slack integration and automation for audit traceability
  • Familiar with LLMs and n8n for AI-driven process improvement
  • Strong understanding of ISO 27001, SOC 2 frameworks
  • Able to translate technical risk into clear, actionable language
  • Focused on scalable, sustainable security governance practices

Bonus Points If You Have

  • Experience building or contributing to internal tools or open-source GRC projects.
  • A product or stakeholder-centric view of security and compliance.
  • Exposure to security tooling like Vanta, Drata or custom internal platforms.
  • Experience operating in fast-paced, product-led tech environments.

What we can offer

At Employment Hero, we don’t just talk about a better way to work - we live it. Joining Employment Hero means:

  • You will work remotely, with the flexibility to own your time and impact
  • You will access cutting-edge tools to amplify your work, knowledge and outputs
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies
  • You’ll also have access to a wide range of benefits that includes - a very generous paternity leave policy, subsidised egg freezing (so you can make the choice that’s right for you, on your terms), a WFH office expense budget, and outstanding learning & development opportunities

At Employment Hero, we are committed to safeguarding the privacy of your application data. To understand how we do so, you can read our Applicant Privacy Policy here - https://employmenthero.com/legals/applicant-policy/

Employment Hero celebrates diverse perspectives and experiences, and we invite people of all backgrounds and identities to apply for this position.