Senior GRC Engineer
Listed on 2026-07-11
-
IT/Tech
Cybersecurity, Information Security
Who Are We?
Postman is the world’s leading API platform, used by more than 45 million developers and 500,000 organizations, including 98% of the Fortune 500. Postman helps developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and enabling collaboration to create better APIs, faster.
The Security GRC team is responsible for the overall security posture of Postman by ensuring compliance with applicable regulations and contractual obligations and maintaining effective governance, risk, and compliance programs. The team supports and enables Sales and drives security and compliance initiatives to grow Postman.
What YouindWe seek a Senior GRC Engineer who combines deep GRC expertise with strong engineering skills to build and scale automation across governance, risk, and compliance. This is a hands-on technical role focused on designing and operating GRC tooling, integrations, and AI-assisted workflows that reduce manual effort while improving security assurance. The ideal candidate has experience implementing and maturing compliance programs, including SOC 2, ISO 27001, HIPAA, GDPR, CCPA, and FedRAMP, and can translate security and risk requirements into practical engineering solutions.
As a senior member of the Security GRC team, you will partner with Security, Engineering, IT, Legal, Sales, and other stakeholders to shape Postman's GRC strategy. You will own key compliance initiatives, drive continuous controls monitoring, build scalable automation, and serve as a trusted technical advisor on risk and compliance.
What You'll Do- Design, build, and operate GRC automation across evidence collection, control testing, risk tracking, and compliance reporting.
- Build integrations between GRC workflows and internal systems using code, workflow automation, low-code platforms, or AI-assisted tooling.
- Lead SOC 2, ISO 27001, HIPAA, and FedRAMP initiatives, owning at least one certification end-to-end.
- Drive continuous controls monitoring and automated evidence collection.
- Lead technical risk assessments and control implementation with cross-functional stakeholders.
- Improve audit readiness through automation and process optimization.
- Mentor teammates and influence GRC strategy.
- 6+ years of cybersecurity GRC experience in high-growth technology environments.
- Experience implementing and maturing GRC programs with pragmatic, engineered solutions.
- Knowledge of SOC 2, ISO 27001, HIPAA, GDPR, CCPA, and/or FedRAMP.
- Experience integrating GRC tooling with ticketing, identity, asset management, and cloud platforms.
- Experience with AI-assisted workflows or LLM-powered tooling.
- Strong communication skills translating risk into engineering requirements.
- Bachelor's degree or equivalent experience
The reasonably estimated base salary for this role ranges from $180,000 to $200,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.
What Else?In addition to Postman's pay-for-performance philosophy and a flexible schedule, we offer a comprehensive benefits package including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Our wellness programs help maintain physical and mental health, and team-building events foster connection. We also offer a donation-matching program to support causes you care about. We are building a long-term, inclusive culture where everyone can be the best version of themselves.
In-person collaboration is valued. We are in the office five days a week for roles based in San Francisco Bay Area, Boston, Austin, New York City, Tokyo, and London. For roles based in Bangalore, employees currently work in the office three days a week and will transition to five days per week by year end.
Our ValuesWe value curiosity, transparency, and honest communication about successes and failures. We focus on specific goals that contribute to a larger vision and strive to create an inclusive work culture where everyone is valued as part of the final product.
Equal OpportunityPostman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, protected veteran status, or disability status. We do not accept unsolicited resumes from headhunters or recruitment agencies without a signed agreement with Postman.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).