[Remote] Senior Security Engineer, GRC Automation

Note: The job is a remote job and is open to candidates in USA. 1Password is a leading cybersecurity company focused on building a safe and productive digital future. They are seeking a Senior Security Engineer – GRC Automation to design and implement automation for Governance, Risk, and Compliance operations, enhancing security and privacy commitments through innovative solutions.

Responsibilities

• Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
• Build out automated workflows for control testing, evidence collection, and audit readiness
• Design and deploy AI-assisted compliance workflows — including agentic evidence collection, LLM-powered vendor questionnaire review, and automated control narrative drafting — with clear validation logic built in
• Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
• Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility without sacrificing quality
• Design dashboards and reporting to track control health, trust signals, and audit performance
• Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
• Own the roadmap for automated, resilient internal assurance infrastructure — setting priorities, managing delivery across concurrent workstreams, communicating progress to GRC leadership, and making build vs. buy decisions that scale with the business

Skills

• 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
• Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
• Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
• Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
• Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations
• Project management and delivery ownership — experience managing multi-workstream compliance or security projects end-to-end: scoping, milestones, stakeholder communication, and on-time delivery. You can run a project without a PM holding your hand
• Experience building AI-assisted workflows — you've worked with LLMs, agentic tools, or automation pipelines (beyond click-through tools) to solve a GRC or compliance problem and can walk through what you built, why, and how you validated the output
• Confident in auditor-facing settings — you have a commanding presence in technical walkthroughs and can represent your automation work clearly to external auditors, senior stakeholders, and executive audiences. You know the difference between what you built and what it proves
• Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting
• Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase
• Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging)
• Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content
• Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks — increasingly relevant as 1Password governs access for AI agents alongside human users
• CISA, CISSP, or equivalent certification, or actively working toward one

Benefits

• Immediate participation in 1Password's benefits program (health, dental, 401k and many others)
• Utilization of our generous paid time off
• An equity grant
• Where applicable, participation in our incentive programs
• Immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others)
• Utilization of our generous paid time off
• An equity grant
• Where applicable, participation in our incentive programs
• Maternity and parental leave top-up programs
• Competitive health benefits
• Generous PTO policy
• RSU program for most employees
• Retirement matching program
• Free 1Password account
• Paid volunteer days
• Peer-to-peer recognition through Bonusly
• Remote-first work environment

Company Overview