Senior GRC Engineer
$80,000 - $100,000
Black Leadership
Black Founder/CEO
Job Description

A Bit About Us

ByteChek is a rapidly growing cybersecurity startup that was founded in 2020 with the mission to make compliance suck less.  Our automated SaaS platform has helped our early customers of all sizes strengthen their security posture and complete cybersecurity assessments with ease.

Our talented team thrives in a flexible and authentic remote work environment. Our core values reflect who we are and how we work:

  • Don’t take yourself too seriously
  • Be courageous
  • Pursue excellence
  • People first

When we say “people first” we mean it! In addition to offering competitive salary packages, we have structured our benefits to support the lives and well-being of our team members. A few of the ways we care for ByteChekians:

  • Health, dental, and vision benefits.
  • Unlimited flexible time off, with at least 2 weeks of mandatory paid time off per year.
  • Flexible work hours in a trusting environment.
  • 4-day weekends to observe Federal holidays.
  • Additional holidays reflective of our values.
  • Creative and meaningful celebration of wins.

From our product, to our work culture, to our recruiting process, we strive to create an inclusive environment where people of all identities and backgrounds can be authentically themselves.


As a Senior GRC Engineer at ByteChek, you will be responsible for leading, planning, and executing SOC 2, HIPAA, ISO, and CMMC assessments. This will include evaluating the design and effectiveness of customer technology controls throughout the business cycle and helping to identify performance improvement opportunities, as well as performing technical assessments of cloud service offerings and performing direct advisory work with top tier clients on an ad hoc basis.  You will be a key point of contact for customers, and will guide information risk and security discussions with technical and non-technical groups.

Our Audit Labs team is highly collaborative, and you will work closely with our GRC Engineers, Project Managers, and Customer Success Managers to establish and support our internal and customer requirements.  On a given day, you may find yourself working with the team to enhance customer security postures to ensure proper protection of data, or performing quality assurance review of report documents for our SOC 2 Type 1 and Type 2 issuances.

You are a good teacher, and will provide leadership to our Audit Labs team. You have several years of experience executing SOC 2, HIPAA, and CMMC assessments, and will articulate the “what” and “why” of compliance requirements, empowering teams to address the “how”.  You will teach by example how to support customer scoping, assessment, security, and relationship needs. You have experience performing qualitative and quantitative risk assessments.

While you are already an experienced GRC professional, you may or may not have experience working with our unique automation tool or leading at a startup. You’ll have the opportunity to learn how to leverage our unique automation tool to streamline security assessments, while learning from all departments across our team. We encourage cross-functional collaboration, personal development, and continued growth in ways that are meaningful to you.

Within 1 month, you will…

  • Complete onboarding and meet 1:1 with all existing ByteChek team members
  • Meet with existing customers to understand why they chose ByteChek
  • Study and learn the ByteChek platform, focusing on the onboarding experience, and the primary use cases of ByteChek
  • Learn our current processes and tools for compliance assessments
  • Write and produce your first piece of ByteChek content
  • Join your first few (of many) cross-functional team meetings, and share actionable insight from your first impressions and prior experiences
  • Articulate “what” and “why” of an information security framework or compliance requirement and empower teams to address the “how”
  • Conduct a one-hour scoping call with a customer to get basic scoping information needed to issue a report

Within 3 months, you will…

  • Lead, plan, and execute a SOC 2 assessment
  • Perform technical assessments of cloud service offerings
  • Review findings and propose recommendations
  • Provide purpose, direction, and motivation to a team of GRC Engineers
  • Assist in enhancing customer security posture to ensure that data are properly protected
  • Work closely with Project Managers, GRC Engineers, Customer Success Managers and other delivery team members to effectively manage project timelines and deliverables and drive customer satisfaction
  • Evaluate the design and effectiveness of technology controls throughout the business cycle and help identify performance improvement opportunities
  • Support and guide information risk and security discussions with technical and non-technical groups
  • Provide weekly status updates on assigned customers' progress towards SOC 2 and other framework completion
  • Serve as an advisor to GRC Engineers, helping them act as customer leads and answer customer questions related to building, managing, or assessing their cybersecurity program
  • Perform quality assurance of report documents for SOC 2 Type 1 and Type 2 issuance
  • Lead customer use of the ByteChek platform throughout the assessment process

Within 6 months, you will…

  • Manage programs and projects with legal and technical stakeholders
  • Perform direct advisory work with top tier clients on an ad hoc basis
  • Assist in the development of enterprise control frameworks and centralized compliance programs
  • Work with ByteChek Assurance staff to complete compliance audit reports and required QA
  • Demonstrate sound working knowledge of the quality control frameworks relevant to the audit engagements
  • Supervise the execution of audit engagements to ensure that objectives are met and quality is assured
  • Have an expert level of competence in the use of the ByteChek platform
  • Conduct SOC 2 workshops and training sessions for both customers and GRC Engineers

Within 12 months, you will...

  • Lead, plan and execute SOC 2, HIPAA, and CMMC assessments
  • Establish enterprise risk management programs and conduct risk assessments
  • Explain the risk profile of customer engagements to ByteChek leadership
  • Create audit engagement plans based on the risk
  • Escalate and communicate the strategic implications of audit findings to the customer organization