Senior GRC Analyst

Join Our Journey at Engine

At Engine, we’re revolutionizing work travel. Our modern travel platform isn’t just about booking trips; it’s about transforming how businesses and their teams experience travel. From seamless booking options with top airlines, hotels, and car rental providers to single-invoice billing and flexible trip modifications, we make travel not only easier to manage but also enjoyable. Backed by powerhouse investors like Telescope Partners, Blackstone, Elefund, and Permira, we’re growing fast—and we want you to be part of it.

Engine is seeking a highly-skilled and motivated Senior GRC (Governance, Risk, and Compliance) Analyst to join our team. In this role, you will be responsible for strengthening our security posture, ensuring compliance with critical standards such as SOC 2, GDPR, and CCPA, and managing audits, risk assessments, and compliance tracking across the organization. You will work closely with senior leadership, employees, and external auditors to ensure that Engine adheres to best practices in governance, risk management, and compliance.

Your Mission:
As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:

• Lead the configuration and management of GRC tools (Trust Centers, Learning Management Systems, Compliance Tracking, etc.) to ensure integration with security systems.
• Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
• Develop and maintain a comprehensive risk management program and conduct risk assessments.
• Manage and conduct regular audits (weekly, monthly, quarterly, and bi-annual) across business, IT, and security processes to ensure best practices and legal compliance.
• Oversee the development and execution of security procedures across multiple domains.
• Develop, update, and maintain Contingency Planning strategies and procedures, including coordination of annual tabletop drills.
• Execute routine operational tasks related to security awareness training.
• Audit the access and compliance of third-party vendors and contractors.
• Review procurement requests for security standards and ensure all engagements meet company standards and regulatory requirements.
• Collaborate cross-functionally to identify and monitor security controls, map security controls to issues and risks, and mature the audit processes related to security controls that apply across multiple security frameworks.

What You’ll Bring to Engine:
We’re looking for someone who’s ready to make an impact and grow alongside us:

• Proven experience in managing GRC functions, ideally within a fast-paced, high-growth company.
• Strong understanding of ISO 27001, SOC 2, GDPR, CCPA, PCI-DSS, and SOX compliance standards.
• Excellent organizational, communication, and leadership skills.
• Ability to manage complex GRC initiatives and work across multiple teams.
• Ability to handle high-stress situations and effectively manage IT emergencies.
• Skilled in using GRC platforms and tools to manage compliance and risk management activities.
• Strong knowledge of security concepts, including risk management, identity and access management (IAM), key management, data protection, and network security.
• Track record of building security/GRC programs across various domains.
• Certifications such as CISA, CISM, CISSP, CRISC, or CCEP
• Experience with data protection and privacy law compliance.
• Familiarity with cloud security components of platforms like AWS, GCP, or Azure.
• Excellent problem-solving, analytical, and communication skills.
• Ability to work collaboratively with cross-functional teams, including IT, engineering, and HR teams.
• A passion for mentoring others.

The Engine Edge: Perks & Compensation
We believe in rewarding great work with great benefits:

• Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
• Benefits: Check out our full list at engine.com/culture.
• Environments for Success: Different roles have different needs in terms of the environments that drive success which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.

Perks and benefits may vary based on employment type, location, and more.

Ready to Build the Future of Work Travel?
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let’s make travel simpler, smarter, and more enjoyable—together.