- 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
- Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
- Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
- Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
- Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
- Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
- Bias for action. You're a self-starter who ships solutions quickly and iterates based on feedback.

- Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
- Hands-on experience with Tines or other SOAR platforms to automate security operations.
- Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
- Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
- Relevant industry certifications such as CISSP, CISA, or CCSP.
- Experience building metrics dashboards for security visualization and reporting.
- Active contributions to the GRC or Security community through open-source projects or public research.