Senior Governance, Risk & Compliance Engineer
San Francisco, CA
Applications have closed
Amplitude
Build better products by turning your user data into meaningful insights, using Amplitude's digital analytics platform and experimentation tools.Amplitude is a leading digital analytics platform. More than 1,900 customers, including Atlassian, Jersey Mike’s, Marks & Spencer, NBCUniversal, PayPal, Shopify, and Under Armour rely on Amplitude to gain self-service visibility into the entire customer journey. With Amplitude, teams can understand what product features are working, where users are getting stuck, and what actions lead to the right outcomes. As an organization, we approach challenges with humility, take ownership of our contributions, and embrace a growth mindset that pushes us to constantly improve ourselves, each other, and the value we bring to customers and partners.
Amplitude’s Commitment to Diversity Equity & Inclusion (DEI): Amplitude believes that diversity enables creation of better products, ability to solve complex problems, and drive more powerful solutions. In order to make diversity possible, we commit to striving to create an environment of inclusion: an environment focused on psychological safety, empathy, and human connection, which will allow employees of all backgrounds to feel the care they need to thrive.
About The Role & Team
As the Senior GRC Engineer you will be responsible for designing, implementing, and maintaining a comprehensive security program that ensures the confidentiality, integrity, and availability of an organization's information and systems. This includes developing and enforcing security policies and procedures, performing risk assessments and security audits, and ensuring compliance with relevant laws and regulations.
As a Senior GRC Engineer, you will:
- Drive security compliance across our organization, improve the risk management function, and build trust with stakeholders to improve control maturity & accountability
- Work directly with Engineering teams to design efficient, performant controls in a cloud-first environment that meet our compliance needs (SOX, SOC, ISO, GDPR)
- Implement control-monitoring automation and risk telemetry (evidence collection, state monitoring, posture change alerting) via GRC tools and compliance-as-code
- Grow our customer trust and third-party risk management functions with trust-portal tools, automated vendor risk reviews, and standard frameworks (CAIQ, VSA, SIG)
- Define security risk & compliance program objectives, identify key metrics, cultivate relationships with stakeholders, and report quantifiable progress to leadership
You'll be a great addition to the team if you have:
- 8+ years of progressively responsible work experience in IT/Security governance, risk, and compliance, security assurance, or third-party risk and customer trust
- Experience operating as part of a information security program, reporting into an Engineering organization, or building the second line of defense at a growth company
- Deep technical understanding of best practices for implementing cloud-native controls for SOC2, ISO, and SOX compliance in a fast-paced environment
- Curiosity and tenacity to investigate technical challenges, and the ability to compellingly communicate security risks to diverse audiences
- Prior experience working in Security and Compliance at an Engineering-led SaaS/Cloud company
Who We Are
The Company: Amplitude is filled with humble, life-long learners who are eager to help one another and the company succeed. Our values of growth mindset, ownership, and humility are core to the way we work: we’re tenacious in the face of challenges, we take the initiative to solve problems that drive our shared success, and we operate from a place of empathy and openness, seeking to understand many points of view.
We care about the well-being of our team: along with excellent health insurance, we offer flexible time off, a monthly wellness stipend, a generous parental leave, a subscription to Modern Health, and a generous Learning & Development stipend.
The Product: Amplitude is a digital analytics platform – we help companies understand their users, rapidly release better product experiences, and ultimately grow their business. We’re super proud of what we’ve built and continue to expand: a platform that empowers companies to thrive in the digital era.
Other fun facts about Amplitude:
- G2: #1 product analytics solution and #3 best software product
- Business Insider: A top tech company to bet your career on
- Fast Company: #3 most innovative enterprise company in the world
- Amplitude went public via a direct listing in September 2021 and is now trading under the ticker AMPL.
- Founded in 2012, Amplitude is backed by Benchmark Capital, Sequoia Capital, IVP, Battery Ventures, Y Combinator and other top tier investors.
- We’re a global and fast-growing team! We have offices in San Francisco (HQ), New York, Vancouver, Amsterdam, London, Paris, Singapore, and employees around the world.
- Our mascot is the datamonster, who loves to chow down on numbers, charts, and graphs. Nom nom.
Amplitude provides equal employment opportunities (EEO). All applicants are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Audits Automation Cloud Compliance GDPR Governance Monitoring Risk assessment Risk management SaaS SOC SOC 2 SOX
Perks/benefits: Career development Flex hours Flex vacation Gear Insurance Parental leave Startup environment Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Windows-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs