As a Security Engineer (GRC) at Offchain Labs, you will play a key role in defining and improving our security posture through robust governance, clear policies, and effective risk management.
You’ll collaborate across teams to ensure that our operations are secure, compliant, and aligned with regulatory and industry best practices, such as SOC2.
What you'll do:
Develop and enforce security policies, standards, and procedures organization-wide.
Ensure the company is audit-ready and responsive to any regulatory changes.
Establish and clearly communicate data privacy and data-handling standards to internal teams as well as external partners and stakeholders.
Track, document, and report on the status of security controls, ongoing audits, and all related compliance activities.
Play an active part in designing, launching, and continuously refining the company’s overall information security governance program.
Work closely with security, engineering, infrastructure, and product teams to make sure controls fit both business objectives and technical realities.
Promote security awareness and build a strong culture of shared risk responsibility through focused training and straightforward communication.
Support both internal and external audits by coordinating evidence gathering, preparing materials, and ensuring findings are addressed quickly and thoroughly.
What you'll need:
5+ years of experience in a security engineering, governance, or risk management role.
Solid understanding of AWS or other cloud vendors.
Strong understanding of core information security concepts and major regulatory frameworks/standards (e.g. SOC2, ISO 27001, NIST CSF).
Hands-on experience with standard risk assessment approaches and supporting tools.
Direct experience drafting and updating security policies.
Ability to translate complex regulatory and technical obligations into straightforward, actionable internal processes.
Strong communication skills that work well with both technical and non-technical audiences.
Excellent written and verbal communication skills, with the ability to present complex technical details as clear, risk-focused recommendations.
Perks:
Remote-first global workforce + NY office
Annual company offsite + team onsites
Professional reimbursement program (facilitates industry conference attendance, certifications, and more)
Medical, dental & vision coverage (US + some other countries)