Security GRC Specialist

Profound
New York, US
On-site

Who this role is best for

Geared toward mid-level security professionals comfortable with hands-on compliance and engineering collaboration in a fast-moving NYC-based environment.

Best fit for

  • GRC professionals who can bridge compliance requirements with engineering implementation.
    — “Translate compliance requirements into technical, scalable solutions
  • Candidates with experience driving audits and leading customer-facing security discussions.
    — “Experience supporting audits and leading customer-facing security conversations
  • Individuals who proactively drive security improvements rather than just tracking them.
    — “Proactive and hands-on: you drive changes, you don't just track them

Things to consider

  • On-site presence required in NYC, with no remote flexibility mentioned.
    — “This is an on-site role based in our NYC office
  • Role involves balancing rigorous compliance with business acceleration needs.
    — “Comfortable balancing rigor with pragmatism in a fast-moving environment

How to stand out

  • Highlight specific examples of automating compliance workflows in past roles.
    — “Familiarity with automation in compliance workflows
  • Demonstrate experience scaling GRC programs from early stages.
    — “Experience building or scaling a GRC program from early stages
  • Showcase technical collaboration with engineers on cloud infrastructure projects.
    — “Work directly with engineering to design and implement practical security controls
Pace · SteadyCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Mid

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • successful audits
  • reduced compliance overhead
Typical background
3 to 7+ years in security GRC or compliance roles

Skills & requirements

Required

SOC 2ISO 27001GDPRSecurity ComplianceRisk Assessments

Preferred

Cloud Infrastructure SecurityIdentity And Access Management

Stack & domain

Soc 2Iso 27001GDPRAuditsCompliance FrameworksSecurity ControlsEnterprise Security QuestionnairesRfpsDue Diligence RequestsTrust CenterSecurity WhitepapersCloud InfrastructureData PipelinesCustomer-facing SurfacesIdentity And Access ManagementSecurity EngineeringDevOpsGrc ToolingCommunicationTeamworkProblem-solvingLeadershipSecurityComplianceEngineering

About the role

Original posting from Profound via Ashby

Profound is on a mission to help companies understand and control their AI presence. We are hiring a Security GRC Specialist to own and scale our security and compliance programs while working closely with engineering, sales, and customer success.

Profound sells to enterprises with serious security expectations, and our GRC function is central to closing deals, sustaining customer trust, and meeting the regulatory bar for the markets we operate in. This is not a "watch the dashboard and file the report" role. You'll shape how we build secure systems, push remediation through with engineering, and make sure compliance accelerates the business rather than slowing it down.

WHAT YOU'LL DO

  • Own and operate our compliance frameworks: SOC 2, ISO 27001, GDPR, and others as we grow
  • Drive audits end to end: readiness, evidence collection, auditor coordination
  • Continuously improve controls and reduce compliance overhead through automation
  • Lead responses to enterprise security questionnaires, RFPs, and due diligence requests
  • Partner with Sales and Customer Success to unblock deals and build trust with security teams at Fortune 500 customers
  • Develop and maintain our trust center, security whitepapers, and customer-facing documentation
  • Work directly with engineering to design and implement practical security controls across our cloud infrastructure, data pipelines, and customer-facing surfaces
  • Partner on identity and access work (SSO, SAML, SCIM, IdP integrations) where security, compliance, and customer-facing requirements intersect
  • Translate compliance requirements into technical, scalable solutions
  • Identify gaps and drive remediation, not just report them
  • Run risk assessments across systems, vendors, and processes
  • Maintain policies and standards that are lightweight, current, and actually useful
  • Track and report on our security posture and compliance status to leadership
  • Improve how we manage compliance: evidence collection, control mapping, automation
  • Evaluate and implement GRC and security tooling where it earns its keep

WHO YOU ARE

  • 3 to 7+ years in security GRC, compliance, or adjacent security engineering roles
  • Hands-on experience with SOC 2, ISO 27001, or similar frameworks
  • Experience supporting audits and leading customer-facing security conversations
  • Comfortable working with engineers and reasoning about cloud infrastructure, APIs, identity systems, and data flows
  • Able to translate between compliance language and engineering reality in both directions
  • Experience with modern cloud environments (AWS, GCP, or Azure) is a strong plus
  • Proactive and hands-on: you drive changes, you don't just track them
  • Comfortable balancing rigor with pragmatism in a fast-moving environment
  • Strong written communication, especially with enterprise customers and cross-functional partners
  • Experience building or scaling a GRC program from early stages
  • Familiarity with automation in compliance workflows
  • Background in security engineering, DevOps, or identity and access management

LOCATION

This is an on-site role based in our NYC office, designed for builders who thrive on speed, iteration, and meaningful impact.

For this role, the expected base salary range is $150,000 to $240,000, depending on experience. Profound's total compensation package includes base salary, equity, and a full range of benefits and perks. Final compensation will depend on factors such as your skills, experience, qualifications, and location, and will be determined during the interview process. Our recruiting team will share more details about the full compensation package and benefits as you move through hiring.

#LI-PRO

Note: All official communication from Profound will come from a @tryprofound.com email address. If you're contacted by anyone using a different domain, please disregard and report it as spam.

Source: Profound careers (Ashby)

Similar roles