View All Jobs 137067

Senior Security Engineer, GRC Automation - Remote Eligible

Lead the design and delivery of automated GRC workflows across multiple systems.
Remote
Senior
$153,000 – 214,000 USD / year
20 hours agoBe an early applicant
1Password

1Password

Provides secure password management, digital vaults, and identity protection tools for individuals and businesses across devices.
7 Similar Jobs at 1Password

Senior Security Engineer – GRC Automation

At 1Password, we're building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world's most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work.

If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future.

Trust is earned — and we're building the systems to earn it at scale. 1Password is looking for a Senior Security Engineer – GRC Automation to design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations.

You'll partner directly with the Senior Manager of GRC to build automation that scales our security and privacy commitments — from audit readiness and policy enforcement to customer trust workflows. A key focus for this role will be operationalizing and expanding our GRC platform (Drata), building AI-assisted workflows that automate evidence collection, control monitoring, and vendor risk — and owning the delivery of those projects from scoping through go-live.

This is a hands-on technical role for someone who's passionate about making GRC repeatable, visible, and built into how the company works. It sits at the intersection of security engineering, compliance, and platform operations — ideal for someone with a solutions engineering, DevSecOps, or GRC practitioner background who thrives in high-context, high-impact environments. You won't just build things — you'll also be in the room with auditors, owning the technical narrative for what you've built and why.

This is a remote opportunity within the US or Canada.

What we're looking for:

  • 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles.
  • Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring.
  • Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments.
  • Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools.
  • Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems.
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations.
  • Project management and delivery ownership — experience managing multi-workstream compliance or security projects end-to-end: scoping, milestones, stakeholder communication, and on-time delivery. You can run a project without a PM holding your hand.
  • Experience building AI-assisted workflows — you've worked with LLMs, agentic tools, or automation pipelines (beyond click-through tools) to solve a GRC or compliance problem and can walk through what you built, why, and how you validated the output.
  • Confident in auditor-facing settings — you have a commanding presence in technical walkthroughs and can represent your automation work clearly to external auditors, senior stakeholders, and executive audiences. You know the difference between what you built and what it proves.

Bonus points if you have:

  • Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting.
  • Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards in tools like Looker or Metabase.
  • Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging).
  • Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content.
  • Familiarity with EU AI Act, NIST AI RMF, or emerging AI governance frameworks — increasingly relevant as 1Password governs access for AI agents alongside human users.
  • CISA, CISSP, or equivalent certification, or actively working toward one.

What you can expect:

  • Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows.
  • Build out automated workflows for control testing, evidence collection, and audit readiness.
  • Design and deploy AI-assisted compliance workflows — including agentic evidence collection, LLM-powered vendor questionnaire review, and automated control narrative drafting — with clear validation logic built in.
  • Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management).
  • Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility without sacrificing quality.
  • Design dashboards and reporting to track control health, trust signals, and audit performance.
  • Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response.
  • Own the roadmap for automated, resilient internal assurance infrastructure — setting priorities, managing delivery across concurrent workstreams, communicating progress to GRC leadership, and making build vs. buy decisions that scale with the business.

At 1Password, we build with AI: At 1Password, using AI to do more with less isn't a bonus — it's how we operate, and it's especially central to this role. We expect you to come in and actively build compliance infrastructure with AI, not just use off-the-shelf tools.

  • A proven builder: You've built something — an agentic evidence collection workflow, an AI-assisted vendor questionnaire reviewer, an LLM-powered control narrative pipeline — and you can walk through what you built, the choices you made, what you iterated on, and what the measurable impact was.
  • Compliance-as-infrastructure mindset: You think in terms of automation coverage. "What percentage of our control evidence is generated automatically vs. collected manually?" is a question you ask and try to move.
  • AI tradeoff reasoning: You understand where non-deterministic AI is acceptable in compliance workflows (first-pass gap analysis, vendor triage) vs. where deterministic guarantees matter (audit-ready evidence, control conclusions). You build validation steps in — you don't treat AI output as ground truth.
  • Systems thinking: When you describe an automation you built, you can explain how it changed downstream workflows, not just what it saved on the immediate task.

USA-based roles only: The annual base salary for this role is between $153,000 USD and $214,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

Canada-based roles only: The annual base salary for this role is between $144,000 CAD and $202,000 CAD, plus immediate participation in 1Password's generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set.

This posting is for an existing vacancy.

Our culture

At 1Password, we prioritize collaboration, clear and transparent communication, receptiveness to feedback, and alignment with our core values: keep it simple, lead with honesty, and put people first.

You'll be part of a team that challenges the status quo, and is excited to experiment and iterate in search of the best solution. That said, 1Password is not for

+ Show Original Job Post
Suggest a correction
























Senior Security Engineer, GRC Automation - Remote Eligible
Remote
$153,000 – 214,000 USD / year
Engineering
Apply to job
About 1Password
Provides secure password management, digital vaults, and identity protection tools for individuals and businesses across devices.