Senior Security Engineer (GRC)
Role in brief
Offchain Labs seeks a Senior Security Engineer (GRC) to build and maintain its information security governance program. This role involves developing policies, managing audits, and ensuring compliance with regulatory frameworks. It is ideal for experienced security professionals who can translate complex security requirements into actionable processes and foster a strong security culture within a blockchain environment.
About the role
This role focuses on strengthening the company's security posture through governance, risk management, and compliance activities. The Senior Security Engineer will be responsible for creating and enforcing security policies, managing data privacy standards, and overseeing audit preparedness. This involves tracking security controls and compliance activities, ensuring the organization meets regulatory requirements.
A key aspect of this position is actively shaping the information security governance program. The engineer will collaborate with security, engineering, infrastructure, and product teams to integrate controls that align with both business objectives and technical constraints. This ensures that security measures are practical and effective across the organization.
Success in this role means fostering a company-wide culture of shared risk responsibility. This is achieved by promoting security awareness through training and clear communication, as well as supporting internal and external audits. The engineer will coordinate evidence gathering and ensure that any audit findings are addressed promptly and thoroughly.
The salary for this role ranges from $112,000 to $188,000 USD.
Skills that matter here
- NIST CSF: This framework is essential for understanding and implementing core information security concepts and regulatory standards.
- Information security concepts: A strong grasp of these concepts is needed to develop and enforce security policies and procedures.
- AWS: Experience with cloud vendors like AWS is required to ensure security controls are effective in cloud environments.
- Regulatory frameworks: The role demands familiarity with various frameworks to ensure the company remains audit-ready and compliant.
- Risk management: This skill is central to assessing risks, implementing controls, and refining the overall security governance program.
- SOC2: Knowledge of SOC2 is necessary for ensuring audit preparedness and compliance with relevant standards.
Who this role suits
- A person with at least five years of experience in security engineering, governance, or risk management.
- Someone who can clearly communicate complex regulatory and technical obligations to both technical and non-technical audiences.
- An individual who excels at drafting and updating security policies and translating them into actionable internal processes.
- A professional who enjoys collaborating with various teams to ensure security controls meet business and technical needs.
From the employer
What you'll do:
- Develop and enforce security policies, standards, and procedures organization-wide.
- Ensure the company is audit-ready and responsive to any regulatory changes.
- Establish and clearly communicate data privacy and data-handling standards to internal teams as well as external partners and stakeholders.
- Track, document, and report on the status of security controls, ongoing audits, and all related compliance activities.
- Play an active part in designing, launching, and continuously refining the company’s overall information security governance program.
- Work closely with security, engineering, infrastructure, and product teams to make sure controls fit both business objectives and technical realities.
- Promote security awareness and build a strong culture of shared risk responsibility through focused training and straightforward communication.
- Support both internal and external audits by coordinating evidence gathering, preparing materials, and ensuring findings are addressed quickly and thoroughly.
What you'll need:
- 5+ years of experience in a security engineering, governance, or risk management role.
- Solid understanding of AWS or other cloud vendors.
- Strong understanding of core information security concepts and major regulatory frameworks/standards (e.g. SOC2, ISO 27001, NIST CSF).
- Hands-on experience with standard risk assessment approaches and supporting tools.
- Direct experience drafting and updating security policies.
- Ability to translate complex regulatory and technical obligations into straightforward, actionable internal processes.
- Strong communication skills that work well with both technical and non-technical audiences.
- Excellent written and verbal communication skills, with the ability to present complex technical details as clear, risk-focused recommendations.
Perks:
- Remote-first global workforce + NY office.
- Annual company offsite + team onsites.
- Professional reimbursement program (facilitates industry conference attendance, certifications, and more).
- Medical, dental & vision coverage (US + some other countries).
- 401k retirement plan + company match (US only).
- Wellness stipend.
- Home office setup / ergonomic equipment program.
Questions about this role
What is the remote work policy for this position?
This is a remote position, and Offchain Labs operates with a remote-first global workforce.
What is the seniority level of this role?
This is a senior-level position, requiring significant experience in security engineering, governance, or risk management.
What are the key skills required for this role?
Key skills include a strong understanding of information security concepts, regulatory frameworks like SOC2, ISO 27001, and NIST CSF, experience with cloud vendors like AWS, and hands-on experience with risk assessment tools.