Governance, Risk and Compliance (GRC) Engineer
Boston, Massachusetts

Devo

Compliance / Regulatory
Posted on Jan 22, 2026

Description

JOB SUMMARY
We are seeking a hands-on GRC Engineer to design, implement, and operate scalable, automated governance, risk, and compliance capabilities across cybersecurity, privacy, and AI systems.
This is an execution-first role. The GRC Engineer will work directly with Engineering, Product, and Security teams to operationalize industry frameworks, automate controls, and embed compliance requirements into systems, pipelines, and workflows.
The ideal candidate is technically fluent, collaborative, and pragmatic, with proven experience translating regulatory and framework requirements (e.g., SOC 2, PCI DSS, ISO, NIST) into working controls, telemetry, and tooling that stand up to audits and scale with the business.
JOB DETAILS
  • Design, implement, and automate security, privacy, and compliance controls using GRC platforms and workflow automation
  • Translate regulatory and framework requirements into technical, testable, system-level controls
  • Partner with Engineering to integrate controls into:
    • CI/CD pipelines
    • Cloud infrastructure
    • SaaS and third-party platforms
  • Reduce manual evidence collection by leveraging APIs, logs, telemetry, and automated attestations
  • Build repeatable workflows for control operation, monitoring, and exception handling
  • Support the implementation and ongoing operation of ISO/IEC 42001
  • Map AI risks, controls, and governance requirements into existing security and risk frameworks
  • Collaborate with Product and Engineering on:
    • AI and model risk assessments
    • Model lifecycle governance and change management
    • Data provenance, training data controls, and acceptable use
  • Support audits, internal reviews, and continuous monitoring related to AI governance and responsible AI practices
  • Implement and operate controls aligned to major industry frameworks and standards, including: SOC 2, PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, and NIST 800-53
  • Maintain control mappings and crosswalks to ensure consistency across multiple frameworks
  • Support customer security questionnaires and auditor requests using evidence-backed, system-generated artifacts
  • Work directly with Engineering and Security teams to resolve control gaps at the lowest possible level
  • Communicate risks and requirements clearly, factually, and constructively

CANDIDATE REQUIREMENTS
1. KNOWLEDGE, SKILLS AND ABILITIES
Qualifications:
  • 5+ years of experience in GRC, Security Engineering, or Compliance Engineering
  • Hands-on experience implementing and operating GRC platforms and workflows
  • Strong working knowledge of industry frameworks and standards, including: SOC 2, PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF / NIST 800-53
  • Experience partnering directly with Engineering teams on control design and implementation
  • Ability to translate regulatory and framework language into practical technical requirements
  • Strong written and verbal communication skills with a focus on clarity, accuracy, and facts
2. BACKGROUND EXPERIENCES
  • A Bachelor's or Master's degree in Computer Science, Security Assurance, or a relevant field
  • Experience supporting AI/ML systems governance or responsible AI initiatives
  • Familiarity with cloud platforms such as AWS, GCP, or Azure
  • Experience automating evidence collection using APIs, scripts, or workflow tools
  • Exposure to CI/CD pipelines and secure SDLC practices
  • Experience supporting external audits, SOC 2 examinations, PCI assessments, and customer security reviews

Devo does not discriminate on the basis of race, color, national origin, religion, gender, age, veteran status, sexual orientation, marital status or disability (in compliance with the Americans with Disabilities Act) with respect to employment opportunities.

Don’t meet every single requirement? At Devo we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

At Devo, diversity and inclusion means more than treating employees well and making them feel welcome. It is a commitment to hiring people who bring different insights because of their unique perspectives, ways of thinking, and prior experiences.

We intend to continue hiring great people and protecting our culture so everyone can be themselves and speak their minds. That way Devo will always be a place filled with purpose, energy, hard work, thoughtfulness, and respect.

To All Agencies: Please, no phone calls or emails to any employee of Devo outside of the Talent Acquisition team. Devo's policy is to only accept resumes from agencies via the Devo Agency Portal. Agencies must have a valid fee agreement in place, and they must have been assigned the specific requisition to which they submit resumes by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Devo, and in the event that a candidate submitted outside of this policy is hired, no fee or payment of any kind will be paid.