Sydicom insightsSydicom overview

A remote role at WorkOS. 5+ years in a GRC or compliance role, with demonstrated ownership of cross-functional compliance projects, from scoping through delivery, at a cloud-native…

Keywords this role’s ATS scans for

Sydicom tailors your CV and cover letter to match these.

Communication

Level

Mid-level

Work

Remote

Focus

—

Pay

$175k-$275k/yr

How Sydicom helps: we read this listing’s requirements and tune your CV and cover letter to the keywords its ATS (Ashby) is scanning for, for candidates in United States, then help you apply.

Related roles

Original listing text, shown exactly as published by the company.

About the Role

We are looking for a GRC Engineer to lead and own our Governance, Risk, and Compliance program.

WorkOS has foundational compliance in place; SOC 2, HIPAA, GDPR, PCI-DSS SAQ D, and a growing set of customer and regulatory obligations. What we are looking for now is a leader for our compliance function: someone who can build on the trust our enterprise customers have placed in us, own our existing frameworks, and drive us into the next tier of certifications.

You will work with security leadership to navigate our GRC program. You will help set the strategy, shape the roadmap, and build the systems and culture that make compliance a byproduct of how we build software.

This is a remote or hybrid position, open to candidates based in Canada or the United States.

What You'll Do

Own our compliance function. Frameworks, policies, controls, and audits are yours. Make compliance part of how we build and ship, not a separate track.
Build the GRC culture. Own security awareness, internal education, and the cross-functional work that makes compliance a shared responsibility across the company.
Lead our next certifications. Drive readiness and on-going compliance for future frameworks like ISO 27001, EU-US DPF, FedRAMP; scoping the controls, documentation, and collaborating across the organization to make it happen.
Partner directly with customers. Be the voice of our compliance program to our customers. Support audits, enable sales on compliance-gated deals, and build on the trust we've established with the companies that depend on us.
Own risk across WorkOS. Run our risk and third-party risk programs. Identify risks as they emerge, drive remediation, and surface signal to leadership.
Scale through automation. Reduce manual toil wherever it hides. Design processes, tooling, and AI-assisted workflows so the compliance function scales without scaling headcount.

Who You Are

A trusted advisor, internally and externally. You work fluidly with customers, engineering, legal, sales, and auditors. You can explain a control, defend a design decision, manage a difficult customer conversation, and communicate clearly, in writing.
A pragmatic, forward-thinker. You spot audit tight spots before they arrive, have the experience to work through them, and how to future-proof against them. You reason systematically about real-world impact, and ensure we reduce risk over checking boxes.
A strong partner to engineering. You build trust by understanding engineers' priorities and making the compliant path the easiest path. You act as the bridge between auditor asks and engineering work with the ability to translate between the two.
Framework-fluent. You have hands-on experience implementing and auditing SOC 2 and other major frameworks (ISO 27001, PCI DSS, NIST 800-53, FedRAMP), and you can reason about new frameworks from first principles.
A builder, not just an operator. You see manual, repetitive GRC work as tech debt and look for ways to design it away: through process, tooling, AI, or partnering with engineering to build what's needed. You are not looking for a role where you chase screenshots and manage spreadsheets.

Qualifications

5+ years in a GRC or compliance role, with demonstrated ownership of cross-functional compliance projects, from scoping through delivery, at a cloud-native company.
Hands-on experience implementing or auditing SOC 2 plus one other major framework (ISO 27001, PCI DSS, NIST 800-53).
Experience building or significantly maturing a GRC function at a high-growth company; you have seen the zero-to-one arc, not just maintained a mature program.
Experience with GRC automation platforms (Vanta, Drata, or similar); migrating into, configuring, and building in them.
Strong written and verbal communication, particularly customer-facing advisory: explaining controls, handling objections, and managing audit and enterprise-deal conversations.

Bonus

Privacy regulations (GDPR, CCPA, HIPAA) and PII classification; we have employees and customers across multiple jurisdictions.
FedRAMP experience as implementer or auditor.
Proficiency in a programming or scripting language (Python, TypeScript, Go, or similar); you can read code, write automation, and leverage AI in day-to-day work.
GRC-as-code / compliance-as-code practices; version-controlled policies, automated control testing, or CI-integrated evidence collection.
Familiarity with authentication and identity (SAML, OIDC, SCIM); highly relevant given our product.

About WorkOS

WorkOS

Other

28 open roles on Sydicom

Websiteworkos.com

Developer APIs/SDKs for Enterprise Ready features like Single Sign-On, Directory Sync, Audit Logging, and more. Get started for free.

Source: company website

Open source

github.com/workos· 109 public repos· 7,608 stars· TypeScript