All jobs

Senior GRC Engineer

Postman3h ago
United StatesOnsite$180K–$200KFull-timeSenior Level6+ yrs exp
Visa-friendly
  • Who Are We?
  • Postman is the world’s leading API platform, used by more than 45 million+ developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs, faster.
  • The company is headquartered in San Francisco and has offices in Boston, New York, Austin, Tokyo, London
  • Bangalore - where Postman was founded. Postman is privately held, with funding from Battery Ventures, BOND, Coatue, CRV, Insight Partners
  • Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.
  • P.S: We highly recommend reading The "API-First World" graphic novel to understand the bigger picture and our vision at Postman.
  • The Opportunity
  • The Security GRC team is responsible for the overall security posture of Postman by ensuring compliance with applicable regulations and contractual obligations and maintaining effective and efficient governance, risk
  • compliance programs. In addition, the Security GRC team is directly involved with supporting and enabling Sales and driving security and compliance initiatives to further the growth of Postman.
  • We seek a Senior GRC Engineer who combines deep GRC expertise with strong engineering skills to build and scale automation across governance, risk
  • compliance. This is a hands-on technical role focused on designing and operating GRC tooling, integrations
  • AI-assisted workflows that reduce manual effort while improving security assurance. The ideal candidate has experience implementing and maturing compliance programs, including SOC 2, ISO 27001, HIPAA, GDPR, CCPA
  • can translate security and risk requirements into practical engineering solutions.
  • As a senior member of the Security GRC team, you will partner with Security, Engineering, IT, Legal, Sales
  • other stakeholders to shape Postman's GRC strategy. You will own key compliance initiatives, drive continuous controls monitoring, build scalable automation
  • serve as a trusted technical advisor on risk and compliance.
  • What You'll Do
  • Design, build, and operate GRC automation across evidence collection, control testing, risk tracking, and compliance reporting.
  • Build integrations between GRC workflows and internal systems using code, workflow automation, low-code platforms, or AI-assisted tooling.
  • Lead SOC 2, ISO 27001, HIPAA, and FedRAMP initiatives, owning at least one certification end-to-end.
  • Drive continuous controls monitoring and automated evidence collection.
  • Lead technical risk assessments and control implementation with cross-functional stakeholders.
  • Improve audit readiness through automation and process optimization.
  • Mentor teammates and influence GRC strategy.
  • About You
  • 6+ years of cybersecurity GRC experience in high-growth technology environments.
  • Experience implementing and maturing GRC programs with pragmatic, engineered solutions.
  • Knowledge of SOC 2, ISO 27001, HIPAA, GDPR, CCPA, and/or FedRAMP.
  • Proficiency in Python, JavaScript, or similar for production-grade automation.
  • Experience integrating GRC tooling with ticketing, identity, asset management, and cloud platforms.
  • Experience with AI-assisted workflows or LLM-powered tooling.
  • Strong communication skills translating risk into engineering requirements.
  • Bachelor's degree or equivalent experience
  • The reasonably estimated base salary for this role ranges from $180,000 to $200,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.
  • What Else?
  • In addition to Postman's pay-on-performance philosophy
  • a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement
  • a monthly lunch stipend. Along with that, our wellness programs will help you stay in the best of your physical and mental health. Our frequent and fascinating team-building events will keep you connected
  • our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves.
  • At Postman we value in person collaboration. We are in office 5 days a week for all roles based out of our hubs in San Francisco Bay Area, Boston, Austin, New York City, Tokyo and London. For roles based in Bangalore, employees currently work in the office three days a week and will transition to five days per week by the end of the year. We were thoughtful in our approach which is based on collaboration and grounded in feedback from our workforce, leadership team
  • peers. The benefits of our in office model will be shared knowledge, brainstorming sessions, communication
  • building trust in-person that cannot be replicated via zoom.
  • Our Values
  • At Postman, we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.
  • Equal opportunity
  • Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status
  • disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.

Required skills

GRCSOC 2ISO 27001HIPAAGDPRCCPAFedRAMPPythonJavaScript
Posted on JobRush — the end-to-end AI job-search platform.