Senior Governance, Risk & Compliance Engineer

Amplitude is a leading digital analytics platform. More than 1,900 customers, including Atlassian, Jersey Mike’s, Marks & Spencer, NBCUniversal, PayPal, Shopify, and Under Armour rely on Amplitude to gain self-service visibility into the entire customer journey.  With Amplitude, teams can understand what product features are working, where users are getting stuck, and what actions lead to the right outcomes. As an organization, we approach challenges with humility, take ownership of our contributions, and embrace a growth mindset that pushes us to constantly improve ourselves, each other, and the value we bring to customers and partners.

Amplitude’s Commitment to Diversity Equity & Inclusion (DEI): Amplitude believes that diversity enables creation of better products, ability to solve complex problems, and drive more powerful solutions. In order to make diversity possible, we commit to striving to create an environment of inclusion: an environment focused on psychological safety, empathy, and human connection, which will allow employees of all backgrounds to feel the care they need to thrive.

About The Role & Team

As the Senior GRC Engineer you will be responsible for designing, implementing, and maintaining a comprehensive security program that ensures the confidentiality, integrity, and availability of an organization's information and systems. This includes developing and enforcing security policies and procedures, performing risk assessments and security audits, and ensuring compliance with relevant laws and regulations.

As a Senior GRC Engineer, you will: 

• Drive security compliance across our organization, improve the risk management function, and build trust with stakeholders to improve control maturity & accountability
• Work directly with Engineering teams to design efficient, performant controls in a cloud-first environment that meet our compliance needs (SOX, SOC, ISO, GDPR)
• Implement control-monitoring automation and risk telemetry (evidence collection, state monitoring, posture change alerting) via GRC tools and compliance-as-code 
• Grow our customer trust and third-party risk management functions with trust-portal tools, automated vendor risk reviews, and standard frameworks (CAIQ, VSA, SIG)
• Define security risk & compliance program objectives, identify key metrics, cultivate relationships with stakeholders, and report quantifiable progress to leadership

You'll be a great addition to the team if you have:

• 8+ years of progressively responsible work experience in IT/Security governance, risk, and compliance, security assurance, or third-party risk and customer trust 
• Experience operating as part of a information security program, reporting into an Engineering organization, or building the second line of defense at a growth company
• Deep technical understanding of best practices for implementing cloud-native controls for SOC2, ISO, and SOX compliance in a fast-paced environment
• Curiosity and tenacity to investigate technical challenges, and the ability to compellingly communicate security risks to diverse audiences
• Prior experience working in Security and Compliance at an Engineering-led SaaS/Cloud company

Who We Are

The Company: Amplitude is filled with humble, life-long learners who are eager to help one another and the company succeed. Our values of growth mindset, ownership, and humility are core to the way we work: we’re tenacious in the face of challenges, we take the initiative to solve problems that drive our shared success, and we operate from a place of empathy and openness, seeking to understand many points of view. 

We care about the well-being of our team: along with excellent health insurance, we offer flexible time off, a monthly wellness stipend, a generous parental leave, a subscription to Modern Health, and a generous Learning & Development stipend.

The Product: Amplitude is a digital analytics platform – we help companies understand their users, rapidly release better product experiences, and ultimately grow their business. We’re super proud of what we’ve built and continue to expand: a platform that empowers companies to thrive in the digital era.

Other fun facts about Amplitude: 

• G2: #1 product analytics solution and #3 best software product 
• Business Insider: A top tech company to bet your career on
• Fast Company: #3 most innovative enterprise company in the world
• Amplitude went public via a direct listing in September 2021 and is now trading under the ticker AMPL. 
• Founded in 2012, Amplitude is backed by Benchmark Capital, Sequoia Capital, IVP, Battery Ventures, Y Combinator and other top tier investors.
• We’re a global and fast-growing team! We have offices in San Francisco (HQ), New York, Vancouver, Amsterdam, London, Paris, Singapore, and employees around the world.
• Our mascot is the datamonster, who loves to chow down on numbers, charts, and graphs. Nom nom.

Amplitude provides equal employment opportunities (EEO). All applicants are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation.